PT-2015-3832 · IBM · IBM Curam Social Program Management

Published: 2015-05-25 · Updated: 2015-05-26 · CVE-2014-6192

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

- IBM Curam Social Program Management versions 6.0 SP2 before EP26
- IBM Curam Social Program Management version 6.0.4 before 6.0.4.5 iFix10
- IBM Curam Social Program Management version 6.0.5 before 6.0.5.6
- IBM Curam Social Program Management version 6.0.5.5a before 6.0.5.8

Description

A cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Recommendations

- For IBM Curam Social Program Management versions 6.0 SP2 before EP26, update to EP26 or later.
- For IBM Curam Social Program Management version 6.0.4 before 6.0.4.5 iFix10, update to 6.0.4.5 iFix10 or later.
- For IBM Curam Social Program Management version 6.0.5 before 6.0.5.6, update to 6.0.5.6 or later.
- For IBM Curam Social Program Management version 6.0.5.5a before 6.0.5.8, update to 6.0.5.8 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2014-6192

Affected Products

IBM Curam Social Program Management