CVE-2008-5043

Name of the Vulnerable Software and Affected Versions IBM Metrica Service Assurance Framework (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web-based interface. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via specific parameters, including the elementid parameter in a generatedreportresults action to the "ReportTree" program, the jnlpname parameter to the "Launch" program, or the :tasklabel parameter to the "ReportRequest" program. This is related to the name of a report.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.