• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM WebSphere Application Server Error Page Cross-Site Scripting Vulnerability

IBM WebSphere is prone to a cross-site scripting vulnerability in default error message pages.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected Web site. This may facilitate the theft of cookie-based authentication credentials; other attacks are also possible.

IBM WebSphere 6.0 was reported to be prone to this issue; other versions may also be vulnerable.