CVE-2016-5975

Name of the Vulnerable Software and Affected Versions IBM Tealeaf Customer Experience versions prior to 8.7.1.8847 FP10 IBM Tealeaf Customer Experience versions prior to 8.8.0.9049 FP9 IBM Tealeaf Customer Experience version 9.0.0 IBM Tealeaf Customer Experience versions prior to 9.0.1.1117 FP5 IBM Tealeaf Customer Experience versions prior to 9.0.1.5108 9.0.1A FP5 IBM Tealeaf Customer Experience versions prior to 9.0.2.1223 FP3 IBM Tealeaf Customer Experience versions prior to 9.0.2.5224 9.0.2A FP3

Description A cross-site scripting (XSS) issue exists in the Web UI of the web portal, allowing remote authenticated users to inject arbitrary web script or HTML via an embedded string.

Recommendations For versions prior to 8.7.1.8847 FP10, update to 8.7.1.8847 FP10 or later. For versions prior to 8.8.0.9049 FP9, update to 8.8.0.9049 FP9 or later. For version 9.0.0, update to a later version. For versions prior to 9.0.1.1117 FP5, update to 9.0.1.1117 FP5 or later. For versions prior to 9.0.1.5108 9.0.1A FP5, update to 9.0.1.5108 9.0.1A FP5 or later. For versions prior to 9.0.2.1223 FP3, update to 9.0.2.1223 FP3 or later. For versions prior to 9.0.2.5224 9.0.2A FP3, update to 9.0.2.5224 9.0.2A FP3 or later.