IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)

IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information and their browser will execute the script.

CVE(s): CVE-2017-1739

Affected product(s) and affected version(s):

IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.1
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.6
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.6
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.10

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2meQn1I
X-Force Database: http://ift.tt/2D0rLE6

The post IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2mnucqH