CVE-2004-1442

Currently unrated

Key Information:

Vendor: IBM
Status: Net.data
Vendor: CVE Published:; 31 December 2004

Summary

Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."

References

http://www.kb.cert.org/vuls/id/DMOA-5VNPEL

x_refsource_CONFIRM

http://www.securitytracker.com/id?1008845

vdb-entryx_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/197318

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004