Cross-site Scripting Vulnerability in IBM WebSphere Service Registry and Repository
CVE-2014-6132

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 24 December 2014

What is CVE-2014-6132?

The XSS vulnerability within the Web UI of IBM WebSphere Service Registry and Repository allows authenticated users to inject arbitrary scripts or HTML. This can result in a range of malicious actions, including session hijacking and data exfiltration. The vulnerability affects several versions of the product, posing risks to users who interact with the affected web interface.

References

http://www.ibm.com/support/docview.wss?uid=swg21693389

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21693384

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21693379

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Sep 2, 2014