IBM WebSphere Cross-Site Scripting Vulnerability

IBM WebSphere is a series of commercial webserver and webserver related products.

IBM WebSphere does not filter script embedding from user-submitted links that are displayed on the server's websites. A malicious webmaster can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyper-link.

When the malicious hyper-link is clicked it will produce the standard error message for the webserver, but it will also run the arbitrary code in the same browser as the domain.


 

Privacy Statement
Copyright 2010, SecurityFocus