Cross-Site Scripting in IBM WebSphere DataPower SOA Appliances
CVE-2013-0499

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware; Websphere Datapower Xc10 Appliance
Vendor: CVE Published:; 28 May 2013

Summary

A cross-site scripting vulnerability exists in the echo functionality of IBM WebSphere DataPower SOA appliances. This weakness allows attackers to inject arbitrary web scripts or HTML code through crafted SOAP messages. Affected services include XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services, potentially compromising the integrity of the application and the data it processes.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/82221

vdb-entryx_refsource_XF

http://seclists.org/bugtraq/2013/May/83

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 28, 2013
Vulnerability Reserved
Dec 16, 2012