CVE-2014-3075

IBM Business Process Manager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

References (3)

Scores

EPSS 0.0019
EPSS Percentile 40.5%

Details

CWE
CWE-79
Status published
Products (19)
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
... and 9 more
Published Sep 04, 2014
Tracked Since Feb 18, 2026