Lucene search
IBMEDB-ID:32839HistoryFeb 26, 2009 - 12:00 a.m.
IBM Websphere Application Server 6.1/7.0 - Administrative Console Cross-Site Scripting
2009-02-2600:00:00
IBM
www.exploit-db.com
15
source: https://www.securityfocus.com/bid/34001/info
IBM WebSphere Application Server (WAS) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to WAS 6.1.0.23 and 7.0.0.3.
http://www.example.com/ibm/console/<script>alert('DSecRG_XSS')</script>
http://www.example.com/ibm/console/<script>alert('DSecRG_XSS')</script>.jspRelated
prion
prion
Cross site scripting
2009-03-09 21:30:00
nvd
nvd
CVE-2009-0855
2009-03-09 21:30:00
cve
cve
CVE-2009-0855
2009-03-09 21:30:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server Cross-Site Scripting - Ver2 (CVE-2009-0855)
2014-03-31 00:00:00
packetstorm
packetstorm
IBM Websphere Application Server 7.0 Cross Site Scripting
2022-12-02 00:00:00
cvelist
cvelist
CVE-2009-0855
2009-03-09 00:00:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
2009-04-15 00:00:00