CVE-2015-9247

Name of the Vulnerable Software and Affected Versions Skybox Platform versions prior to 7.5.401

Description An issue exists in the software where reflected cross-site scripting vulnerabilities can be exploited. This can occur through the "soapenv:Body" element in the /skyboxview/webservice/services/VersionRepositoryWebService endpoint, or via the status parameter in the "login.html" page.

Recommendations For versions prior to 7.5.401, update to version 7.5.401 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview/webservice/services/VersionRepositoryWebService endpoint and avoiding use of the status parameter in the login.html page until the update is applied.