Cross-Site Scripting Vulnerability in IBM WebSphere Message Broker
CVE-2013-0466

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 20 February 2013

Summary

A cross-site scripting (XSS) vulnerability exists in IBM WebSphere Message Broker versions 7.0 and 8.0 when wsdl support is enabled on a SOAPInput node. This flaw allows remote attackers to inject arbitrary web scripts or HTML into error messages constructed from improperly handled WSDL requests. Addressing this issue is crucial to protect applications from potential unauthorized data exposure.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21623316

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC89383

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/81062

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 20, 2013
Vulnerability Reserved
Dec 16, 2012