Lucene search

IbmCVE-2013-0566

HistoryAug 27, 2013 - 3:34 a.m.

CVE-2013-0566

2013-08-2703:34:34

CWE-79

ibm

web.nvd.nist.gov

cve-2013-0566

xss

vulnerabilities

ibm

websphere commerce

remote attackers

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch5.6.1

ibmwebsphere_commerceMatch5.6.1.1

ibmwebsphere_commerceMatch5.6.1.2

ibmwebsphere_commerceMatch5.6.1.3

ibmwebsphere_commerceMatch5.6.1.4

ibmwebsphere_commerceMatch5.6.1.5

ibmwebsphere_commerceMatch6.0.0.0

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

ibmwebsphere_commerceMatch6.0.0.10

ibmwebsphere_commerceMatch6.0.0.11

ibmwebsphere_commerceMatch7.0

ibmwebsphere_commerceMatch7.0.0.1

ibmwebsphere_commerceMatch7.0.0.2

ibmwebsphere_commerceMatch7.0.0.3

ibmwebsphere_commerceMatch7.0.0.4

ibmwebsphere_commerceMatch7.0.0.5

ibmwebsphere_commerceMatch7.0.0.6

ibmwebsphere_commerceMatch7.0.0.7

VendorProductVersionCPE
ibmwebsphere_commerce5.6.1cpe:2.3:a:ibm:websphere_commerce:5.6.1:*:*:*:*:*:*:*
ibmwebsphere_commerce5.6.1.1cpe:2.3:a:ibm:websphere_commerce:5.6.1.1:*:*:*:*:*:*:*
ibmwebsphere_commerce5.6.1.2cpe:2.3:a:ibm:websphere_commerce:5.6.1.2:*:*:*:*:*:*:*
ibmwebsphere_commerce5.6.1.3cpe:2.3:a:ibm:websphere_commerce:5.6.1.3:*:*:*:*:*:*:*
ibmwebsphere_commerce5.6.1.4cpe:2.3:a:ibm:websphere_commerce:5.6.1.4:*:*:*:*:*:*:*
ibmwebsphere_commerce5.6.1.5cpe:2.3:a:ibm:websphere_commerce:5.6.1.5:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.0cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.1cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.2cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.3cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	5.6.1	cpe:2.3:a:ibm:websphere_commerce:5.6.1:::::::*
ibm	websphere_commerce	5.6.1.1	cpe:2.3:a:ibm:websphere_commerce:5.6.1.1:::::::*
ibm	websphere_commerce	5.6.1.2	cpe:2.3:a:ibm:websphere_commerce:5.6.1.2:::::::*
ibm	websphere_commerce	5.6.1.3	cpe:2.3:a:ibm:websphere_commerce:5.6.1.3:::::::*
ibm	websphere_commerce	5.6.1.4	cpe:2.3:a:ibm:websphere_commerce:5.6.1.4:::::::*
ibm	websphere_commerce	5.6.1.5	cpe:2.3:a:ibm:websphere_commerce:5.6.1.5:::::::*
ibm	websphere_commerce	6.0.0.0	cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:::::::*
ibm	websphere_commerce	6.0.0.1	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
ibm	websphere_commerce	6.0.0.2	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
ibm	websphere_commerce	6.0.0.3	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*

Rows per page:

1-10 of 261

References

www-01.ibm.com/support/docview.wss?uid=swg1JR46776

www.ibm.com/support/docview.wss?uid=swg21647750

exchange.xforce.ibmcloud.com/vulnerabilities/83139

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Related for CVE-2013-0566