CVE-2016-0227

MEDIUM

IBM BPM <8.0.1.3, <8.5.0.2, <8.5.6.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (3)

Scores

CVSS v3 5.4
EPSS 0.0024
EPSS Percentile 47.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (33)

ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
... and 18 more

Timeline

Published Mar 03, 2016
Tracked Since Feb 18, 2026