Описание
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.5 (включая) до 8.5.5.29 (исключая)Версия от 9.0 (включая) до 9.0.5.27 (исключая)Версия от 17.0.0.3 (включая) до 26.0.0.1 (исключая)
Одно из
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
2 месяца назад
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79