Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CPE | Name | Operator | Version |
---|---|---|---|
websphere_datapower_xc10_appliance_firmware | eq | 2.5.0.0 | |
websphere_datapower_xc10_appliance_firmware | eq | 2.1.0.0 |