exploitDog

CVE-2016-3042

Опубликовано: 01 окт. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21986716
Vendor Advisory
http://www.securityfocus.com/bid/92985
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21986716
Vendor Advisory
http://www.securityfocus.com/bid/92985

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m83g-7486-crpx

CVSS3: 5.4

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

EPSS

Процентиль: 42%

0.00199

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79