IBM Maximo versions 4.1 and 5.2 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script and HTML code in a user's browser session.
The vulnerability exists due to an input sanitization error. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a website that is designed to pass malicious HTML or script code to the targeted server. An exploit could allow the attacker to execute malicious code in the user's browser session in the security context of the affected site.
IBM has not confirmed this vulnerability, and updated software is not available.