Vulnerability CVE-2015-1911
Published: 2015-05-24   Modified: 2015-05-25

Description:
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
IBM -> Sterling field sales 
IBM -> Sterling order management 
IBM -> Sterling selling and fulfillment foundation 

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg21700864
http://www.securityfocus.com/bid/74224
Copyright 2024, cxsecurity.com

 

Back to Top