PT-2015-5501 · Ibm · Ibm Sterling Selling/Fulfillment Suite+1
Published
2015-05-25
·
Updated
2016-11-30
·
CVE-2015-1911
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Sterling Selling and Fulfillment Suite versions 8.5 through 8.5 before HF113
IBM Sterling Selling and Fulfillment Suite versions 9.0.0 through 9.0.0 before FP92
IBM Sterling Field Sales (SFS) versions 9.0 through 9.0 before HF7
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This can be exploited by injecting malicious code into a website, potentially leading to unauthorized access or control.
Recommendations
For versions 8.5 through 8.5 before HF113, apply Hotfix 113 to resolve the issue.
For versions 9.0.0 through 9.0.0 before FP92, apply Fix Pack 92 to resolve the issue.
For versions 9.0 through 9.0 before HF7, apply Hotfix 7 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Sterling Field Sales
Ibm Sterling Selling/Fulfillment Suite