Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819 | psirt@us.ibm.com | N/A |
| http://www-01.ibm.com/support/docview.wss?uid=swg21690185 | psirt@us.ibm.com | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/97748 | psirt@us.ibm.com | N/A |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www-01.ibm.com/support/docview.wss?uid=swg21690185 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/97748 | af854a3a-2127-422b-91ae-364da2661108 | N/A |