Cross-Site Scripting Vulnerability in IBM WebSphere Service Registry and Repository
CVE-2014-6180

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 24 December 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Web UI of IBM WebSphere Service Registry and Repository, which allows remote authenticated users to inject arbitrary web scripts or HTML. This injection occurs via the HTTP User-Agent header, potentially compromising the security of affected web applications by enabling attackers to execute malicious scripts in the context of authenticated users' sessions.

References

http://www.ibm.com/support/docview.wss?uid=swg21693384

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV01657

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg21693381

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Sep 2, 2014