IBM MRO MAXIMO versions 4.1 and 5.2 suffer from cross site scripting and information disclosure vulnerabilities.