IBM WebSphere Application Server ‘Liberty Profile’ Cross Site Scripting Vulnerability

Summary

WebSphere Application Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.

Credit:

The original article can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg21614265


Details

Vulnerable Systems:
 * IBM WebSphere Application Server 8.5.0.1

WebSphere Application Server V8.5 Liberty Profile could allow a cross-site scripting attack, caused by improper validation of the URI. A remote attacker could exploit this vulnerability using a specially-crafted URL to inject script in a victim’s Web browser within the security context of the hosting Web site.

CVE Information:
CVE-2012-4851

Disclosure Timeline:
Published: November 06 2012
