CVE-2014-6132
Description
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21693387
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21693384
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21693381
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21693379
Application impact
References
- http://secunia.com/advisories/61805
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64000
- http://www.ibm.com/support/docview.wss?uid=swg21693379
- http://www.ibm.com/support/docview.wss?uid=swg21693381
- http://www.ibm.com/support/docview.wss?uid=swg21693384
- http://www.ibm.com/support/docview.wss?uid=swg21693387
- http://www.ibm.com/support/docview.wss?uid=swg21693389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96812
- http://secunia.com/advisories/61805
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64000
- http://www.ibm.com/support/docview.wss?uid=swg21693379
- http://www.ibm.com/support/docview.wss?uid=swg21693381
- http://www.ibm.com/support/docview.wss?uid=swg21693384
- http://www.ibm.com/support/docview.wss?uid=swg21693387
- http://www.ibm.com/support/docview.wss?uid=swg21693389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96812
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.