CVE-2013-6725
Description
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21669554
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21661325
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21661323
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132
References
- http://osvdb.org/102119
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132
- http://www-01.ibm.com/support/docview.wss?uid=swg21661323
- http://www-01.ibm.com/support/docview.wss?uid=swg21661325
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www.securityfocus.com/bid/65099
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89280
CWEs
CWE-79