Full title: FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities
Category: web applications
Platform: php

Multiple persistent cross-site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application can obtain the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.

# 0day.today @ http://0day.today/