The host is installed with IBM Tivoli Endpoint Manager 8 before 8.2 patch 3 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly validate user-supplied input. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.