CVE-2014-6163

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 11 December 2014

Summary

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/97712

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Sep 2, 2014