IBM Security Bulletin: Persistent cross-site scripting vulnerability in Process Admin Console affecting IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) CVE-2015-0156

IBM Business Process Manager is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...

from IBM Product Security Incident Response Team http://ift.tt/1QLV1wb