CVE-2016-2862

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 6.0 through 6.0.0.11 IBM WebSphere Commerce versions 7.0 through 7.0.0.8 IBM WebSphere Commerce versions 8.0 through 8.0.0.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This can lead to the execution of malicious code on the victim's browser.

Recommendations For IBM WebSphere Commerce versions 6.0 through 6.0.0.11, update to version 6.0.0.12 or later. For IBM WebSphere Commerce versions 7.0 through 7.0.0.8, apply cumulative iFix 3 for version 7.0.0.9. For IBM WebSphere Commerce versions 8.0 through 8.0.0.4, update to version 8.0.0.5 or later.