Описание
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-5228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46749
- http://secunia.com/advisories/32763
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK73108
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK73933
- http://www.securityfocus.com/bid/32408
- http://www.vupen.com/english/advisories/2008/3234
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."