IBM Net.Data 7.0/7.2 db2www Error Message Cross-Site Scripting Vulnerability

ID SSV:77352
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in the web browser of a user who follows the malicious link.

Exploitation could permit theft of cookie-based authentication credentials or other attacks.<script>alert(document.domain)</script>/A