Cross site scripting

2016-07-0321:59:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CPENameOperatorVersion
websphere_commerceeq6.0.0.7
websphere_commerceeq8.0.0.2
websphere_commerceeq7.0.0.6
websphere_commerceeq7.0.0.4
websphere_commerceeq6.0.0.5
websphere_commerceeq6.0.0.10
websphere_commerceeq7.0
websphere_commerceeq6.0.0.11
websphere_commerceeq6.0.0.2
websphere_commerceeq7.0.0.5

Name	Operator	Version
websphere_commerce	eq	6.0.0.7
websphere_commerce	eq	8.0.0.2
websphere_commerce	eq	7.0.0.6
websphere_commerce	eq	7.0.0.4
websphere_commerce	eq	6.0.0.5
websphere_commerce	eq	6.0.0.10
websphere_commerce	eq	7.0
websphere_commerce	eq	6.0.0.11
websphere_commerce	eq	6.0.0.2
websphere_commerce	eq	7.0.0.5

Rows per page:

1-10 of 271

References

www-01.ibm.com/support/docview.wss?uid=swg1JR55049

www-01.ibm.com/support/docview.wss?uid=swg1JR55139

www-01.ibm.com/support/docview.wss?uid=swg1JR55141

www-01.ibm.com/support/docview.wss?uid=swg1JR55264

www-01.ibm.com/support/docview.wss?uid=swg21983625

www.securityfocus.com/bid/91533

www.securitytracker.com/id/1036206