IBM Security Bulletin: Cross Site Scripting vulnerability in responsive coach view of IBM Business Process Manager (CVE-2016-9731)

One of the responsive coach views that can be used by customers to build responsive web forms that interact with business processes is vulnerable to cross site scripting.

CVE(s): CVE-2016-9731

Affected product(s) and affected version(s):

IBM Business Process Manager V8.5.7.0 prior to cumulative fix 2016.12

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hPGN2p
X-Force Database: http://ift.tt/2hDWlZn



from IBM Product Security Incident Response Team http://ift.tt/2hPM1eN