Vulnerability Description
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Sterling Field Sales | 9.0 |
| Ibm | Sterling Order Management | 8.5 |
| Ibm | Sterling Selling And Fulfillment Foundation | 9.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21700864PatchVendor Advisory
- http://www.securityfocus.com/bid/74224
- http://www-01.ibm.com/support/docview.wss?uid=swg21700864PatchVendor Advisory
- http://www.securityfocus.com/bid/74224
FAQ
What is CVE-2015-1911?
CVE-2015-1911 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in ...
How severe is CVE-2015-1911?
CVE-2015-1911 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1911?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Sterling Field Sales, Ibm Sterling Order Management, Ibm Sterling Selling And Fulfillment Foundation.