CVE-2014-0932

IBM Sterling Order Management - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (4)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IT00419

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21670912

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66993

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/92264

Scores

EPSS 0.0018

EPSS Percentile 39.5%

Details

CWE

CWE-79

Status published

Products (3)

ibm/sterling_order_management

ibm/sterling_selling_and_fulfillment_foundation

n/a/n/a

Published Apr 21, 2014

Tracked Since Feb 18, 2026