CVE-2014-8893 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x 3.3.2 before 3.3.2.3 and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Reference

http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694767 https://exchange.xforce.ibmcloud.com/vulnerabilities/99012