Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/92332 | vdb entry |
http://www-01.ibm.com/support/docview.wss?uid=swg21987129 | patch vendor advisory |