IBM Net.Data db2www Error Message Cross-Site Scripting Vulnerability

IBM Net.Data db2www Error Message Cross-Site Scripting Vulnerability

IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in the web browser of a user who follows the malicious link.

Exploitation could permit theft of cookie-based authentication credentials or other attacks.