CVE-2024-49337

Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim’s mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.

References

https://www.ibm.com/support/pages/node/7183541

مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

نوشته های مشابه

Active! mail vulnerable to stack-based buffer overflow

Multiple vulnerabilities in BizRobo!

TP-Link Deco BE65 Pro vulnerable to OS command injection

spider orange

Next.js Middleware 15.2.2 – Authorization Bypass