IBM Security Access Manager for Enterprise CVE-2013-6745 Unspecified HTML Injection Vulnerability

IBM Security Access Manager for Enterprise CVE-2013-6745 Unspecified HTML Injection Vulnerability

IBM Security Access Manager for Enterprise Single Sign-On is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input.

Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible

IBM Security Access Manager for Enterprise Single Sign-On 8.2 is vulnerable; other versions may also be affected.