Cross-Site Scripting Vulnerability in IBM WebSphere Application Server
CVE-2013-6323

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Virtual Enterprise
Vendor: CVE Published:; 1 May 2014

Summary

A cross-site scripting vulnerability has been identified in the Administration Console of IBM WebSphere Application Server, allowing remote authenticated users to exploit the system. Through a specially crafted URL, these users can inject arbitrary web scripts or HTML, leading to potential security breaches and unauthorized access to sensitive information. Vulnerable versions include earlier releases of WebSphere Application Server 7.x, 8.x, and 8.5.x, as well as WebSphere Virtual Enterprise 7.x.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

x_refsource_CONFIRM

http://www.securityfocus.com/bid/67720

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/88903

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 1, 2014
Vulnerability Reserved
Oct 31, 2013