A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fico | origination_manager_decision | 4.8.1 |
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fico | origination_manager_decision | 4.8.1 |