IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls.