Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5798

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5798
Last Modified 07 Mar 2011 10:01:19
Published 02 Nov 2007 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5798

Summary

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1.0.12


References

XF - websphere-navigatetree-xss(38177)

VUPEN - ADV-2007-3672

AIXAPAR - PK50245

SECUNIA - 27448

OSVDB - 41618

SECTRACK - 1018884

BID - 26276


Last Updated: 27 May 2016 10:46:16