IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victims Web browser within the security context of the hosting site.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as “<”, “>”, and “&” that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Aspera_shares | Ibm | 1.9.0 (including) | 1.10.0 (excluding) |
Aspera_shares | Ibm | 1.10.0 (including) | 1.10.0 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level1 (including) | 1.10.0-patch_level1 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level2 (including) | 1.10.0-patch_level2 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level3 (including) | 1.10.0-patch_level3 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level4 (including) | 1.10.0-patch_level4 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level5 (including) | 1.10.0-patch_level5 (including) |
Aspera_shares | Ibm | 1.10.0-patch_level6 (including) | 1.10.0-patch_level6 (including) |