PT-2017-7600 · IBM · IBM Marketing Platform
Published: 2017-05-05 · Updated: 2017-05-12
CVE-2016-0255
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Marketing Platform versions 9.1 through 10.0
Description
The issue is caused by improper validation of user-supplied input, leading to stored cross-site scripting. A remote attacker could inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. This could allow an attacker to steal the victim's cookie-based authentication credentials.
Recommendations
For IBM Marketing Platform versions 9.1 through 10.0, update to a version that properly validates user-supplied input to prevent stored cross-site scripting attacks. As a temporary workaround, consider restricting access to sensitive Web pages to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
IBM Marketing Platform