Lucene search

IbmCVE-2013-6721

HistoryDec 17, 2013 - 3:21 p.m.

CVE-2013-6721

2013-12-1715:21:28

CWE-79

ibm

web.nvd.nist.gov

ibm

wsrr

xss

vulnerability

cve-2013-6721

web script

html

widgets

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.

Affected configurations

Nvd

Node

ibmwebsphere_service_registry_and_repositoryMatch7.5

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.1

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.2

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.3

ibmwebsphere_service_registry_and_repositoryMatch8.0.0

ibmwebsphere_service_registry_and_repositoryMatch8.0.0.1

ibmwebsphere_service_registry_and_repositoryMatch8.0.0.2

VendorProductVersionCPE
ibmwebsphere_service_registry_and_repository7.5cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.5.0.1cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.1:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.5.0.2cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.2:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository7.5.0.3cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.3:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository8.0.0cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository8.0.0.1cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_service_registry_and_repository8.0.0.2cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_service_registry_and_repository	7.5	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5:::::::*
ibm	websphere_service_registry_and_repository	7.5.0.1	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.1:::::::*
ibm	websphere_service_registry_and_repository	7.5.0.2	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.2:::::::*
ibm	websphere_service_registry_and_repository	7.5.0.3	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.3:::::::*
ibm	websphere_service_registry_and_repository	8.0.0	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0:::::::*
ibm	websphere_service_registry_and_repository	8.0.0.1	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.1:::::::*
ibm	websphere_service_registry_and_repository	8.0.0.2	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.2:::::::*

References

secunia.com/advisories/56130

www-01.ibm.com/support/docview.wss?uid=swg1IV51765

www-01.ibm.com/support/docview.wss?uid=swg21659623

www.securitytracker.com/id/1029498

exchange.xforce.ibmcloud.com/vulnerabilities/89230

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

Related for CVE-2013-6721