Cross-Site Scripting Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2014-6163

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 11 December 2014

Summary

The vulnerability in the IBM WebSphere DataPower XC10 appliance affects versions 2.1 and 2.5 before FP4, allowing remote authenticated users to execute arbitrary web scripts or HTML through carefully crafted URLs, which could lead to unauthorized actions on behalf of the users.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/97712

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Sep 2, 2014