Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition prior to 9.1 allows remote malicious users to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm omnifind 8.5 |
||
ibm omnifind |
||
ibm omnifind 8.0 |
||
ibm omnifind 8.4 |