IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS
Content Collector for Email has addressed the following vulnerability. The Installation Verification Tool of IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE(s): CVE-2018-1643
Affected product(s) and affected version(s):
Content Collector for Email v4.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10744701
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144588
The post IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ibm.co/2DW9QhG