IBM Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) error handling (CVE-2015-0193)

IBM Business Proccess Manager is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a...

from IBM Product Security Incident Response Team http://ift.tt/1KCt1dP