Описание
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.5.0.0 (включая) до 8.5.5.26 (исключая)Версия от 9.0.0.0 (включая) до 9.0.5.21 (исключая)
Одно из
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00309
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 1 года назад
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
EPSS
Процентиль: 54%
0.00309
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79