- Description
- IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
- Products
- websphere_application_server
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- psirt@us.ibm.com
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FAEFC6-15B9-4787-B3F6-4EC29BBC546C",
"versionEndExcluding": "8.5.5.29",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5016ACF6-369F-4554-9EFA-ACAE358BCC2A",
"versionEndExcluding": "9.0.5.27",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
"matchCriteriaId": "7D2B4A85-1B09-41A9-8582-B6A8316583F9",
"versionEndExcluding": "26.0.0.1",
"versionStartIncluding": "17.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]