exploitDog

CVE-2024-45087

Опубликовано: 11 нояб. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ссылки

https://www.ibm.com/support/pages/node/7175393
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-xq42-m8jp-gxh3

CVSS3: 4.8

github

около 1 года назад

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

EPSS

Процентиль: 28%

0.00101

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79