IBM Initiate Master Data Service CVE-2014-4787 Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	69722
Class:	Input Validation Error
CVE:	CVE-2014-4787
Remote:	Yes
Local:	No
Published:	Sep 08 2014 12:00AM
Updated:	Sep 08 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Initiate Master Data Service 9.7 IBM Initiate Master Data Service 9.5 IBM Initiate Master Data Service 10.1 IBM Initiate Master Data Service 10.0
Not Vulnerable:

IBM Initiate Master Data Service CVE-2014-4787 Unspecified Cross Site Scripting Vulnerability

IBM Initiate Master Data Service is prone to an unspecified cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Initiate Master Data Service CVE-2014-4787 Unspecified Cross Site Scripting Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

IBM Initiate Master Data Service CVE-2014-4787 Unspecified Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.