VYPR
Unrated severityNVD Advisory· Published Apr 21, 2014· Updated Jun 17, 2026

CVE-2014-0932

CVE-2014-0932

Description

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected products

4
  • cpe:2.3:a:ibm:sterling_order_management:8.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ibm:sterling_order_management:8.5:*:*:*:*:*:*:*
    • (no CPE)range: 8.5 < HF105
  • cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.0:*:*:*:*:*:*:*
    • (no CPE)range: 9.0 < HF85

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.