IBM WebSphere Application Server CVE-2018-1767 Cross Site Scripting Vulnerability
BID:106487
Info
IBM WebSphere Application Server CVE-2018-1767 Cross Site Scripting Vulnerability
| Bugtraq ID: | 106487 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1767 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2018 12:00AM |
| Updated: | Oct 25 2018 12:00AM |
| Credit: | vah13 |
| Vulnerable: |
IBM WebSphere Application Server Liberty Profile 0 IBM Websphere Application Server 9.0 IBM Websphere Application Server 8.5 IBM Websphere Application Server 8.0 IBM Websphere Application Server 7.0 |
| Not Vulnerable: | |
Discussion
IBM WebSphere Application Server CVE-2018-1767 Cross Site Scripting Vulnerability
IBM WebSphere Application Server is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM WebSphere Application Server is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
IBM WebSphere Application Server CVE-2018-1767 Cross Site Scripting Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
References
IBM WebSphere Application Server CVE-2018-1767 Cross Site Scripting Vulnerability
References:
References: