IBM Worklight CVE-2017-1772 Cross Site Scripting Vulnerability
BID:103735
CVE-2017-1772 |Info
IBM Worklight CVE-2017-1772 Cross Site Scripting Vulnerability
| Bugtraq ID: | 103735 |
| Class: | Input Validation Error |
| CVE: |
CVE-2017-1772 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2018 12:00AM |
| Updated: | Apr 04 2018 12:00AM |
| Credit: | Spyridon Chatzimichail. |
| Vulnerable: |
IBM MobileFirst Platform Foundation 8.0.0.0 IBM MobileFirst Platform Foundation 7.1.0.0 IBM MobileFirst Platform Foundation 7.0.0.0 IBM MobileFirst Platform Foundation 6.3.0.0 |
| Not Vulnerable: | |
Discussion
IBM Worklight CVE-2017-1772 Cross Site Scripting Vulnerability
IBM Worklight is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM MobileFirst Platform Foundation 8.0.0.0, 7.1.0.0, 7.0.0.0, and 6.3.0.0 are vulnerable.
IBM Worklight is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM MobileFirst Platform Foundation 8.0.0.0, 7.1.0.0, 7.0.0.0, and 6.3.0.0 are vulnerable.
Solution / Fix
IBM Worklight CVE-2017-1772 Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM Worklight CVE-2017-1772 Cross Site Scripting Vulnerability
References:
References: