[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page

Posted by RedTeam Pentesting GmbH on Feb 10

Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics
Page

During a penetration test, RedTeam Pentesting discovered that the IBM
Endpoint Manager Relay Diagnostics page allows anybody to persistently
store HTML and JavaScript code that is executed when the page is opened
in a browser.

Details
=======

Product: IBM Endpoint Manager
Affected Versions: 9.1.x versions earlier than 9.1.1229,
9.2.x…
