VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 20, 2010· Updated Apr 29, 2026

CVE-2009-4999

CVE-2009-4999

Description

Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.

Affected products

16
  • IBM/Filenet P8 Application Engine16 versions
    cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:010:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:011:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:012:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:013:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:014:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:015:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.