IBM System Storage DS Storage Manager Profiler version 4.8.6 suffers from cross site scripting and remote SQL injection vulnerabilities.