CVE-2015-9248

Name of the Vulnerable Software and Affected Versions Skybox Platform versions prior to 7.5.201

Description An issue exists in the software where stored cross-site scripting vulnerabilities are present in the title, Comments, or Description field. This issue is specifically related to the /skyboxview/webskybox/tickets endpoint in Change Manager.

Recommendations For versions prior to 7.5.201, update to version 7.5.201 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview/webskybox/tickets endpoint in Change Manager to minimize the risk of exploitation. Avoid using the Comments and Description fields in this endpoint until the issue is resolved.