Certain input passed to the search center is not properly sanitized before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in version 220.127.116.11 running in AIX, IBM i, Linux, Solaris, Windows, and z/OS.
Solution: Apply combined cumulative fix CF004.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.