Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| CWE ID | Type | Source |
|---|---|---|
| CWE-79 | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 | psirt@us.ibm.com | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 | psirt@us.ibm.com | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 | psirt@us.ibm.com | N/A |
| http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 | af854a3a-2127-422b-91ae-364da2661108 | N/A |