Описание
Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:websphere_edge_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_edge_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_edge_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_edge_server:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_edge_server:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_edge_server:6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00265
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response.
EPSS
Процентиль: 50%
0.00265
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79