CVE-2014-3075
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0019 (0.2%)
Percentil: 40.2%
EPSS: 2026-05-06
Afecta
ibm:business_process_manageribm:websphere_application_serverDescripción técnica
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.
Publicada: 4/9/2014, 10:55:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092
- http://www-01.ibm.com/support/docview.wss?uid=swg21679979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93817
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092
- http://www-01.ibm.com/support/docview.wss?uid=swg21679979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93817