Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager
CVE-2020-4560
4.7MEDIUM
Summary
IBM Financial Transaction Manager version 3.2.4 is susceptible to a Cross-Site Scripting (XSS) vulnerability, which enables attackers to inject arbitrary JavaScript code into the Web UI. This security flaw could be exploited to manipulate the application's intended functionality, potentially leading to the disclosure of sensitive user credentials within a trusted session.
Affected Version(s)
Financial Transaction Manager 3.2.4
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved