Cross-Site Scripting Vulnerabilities in IBM WebSphere Service Registry and Repository
CVE-2010-2985

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 10 August 2010

Summary

IBM WebSphere Service Registry and Repository (WSRR) version 6.3 contains multiple cross-site scripting vulnerabilities. These security flaws allow remote attackers to inject arbitrary web scripts or HTML through specific parameters. Attack vectors include the 'searchTerm' parameter in ServiceRegistry/HelpSearch.do and the 'queryItems[0].value' parameter in ServiceRegistry/QueryWizardProcessStep1.do. An exploitation of these vulnerabilities can lead to unauthorized actions, data theft, or further compromises of the web application.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/40862

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 10, 2010