Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5944 — Cross-site Scripting in IBM Websphere Application Server

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.5%

top 14.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Websphere Application Server

Timeline

PublishedNov 14

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server13 versions+12

🔴Vulnerability Details

GHSA

GHSA-9rmf-q528-p6rv: Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5↗2022-05-01

▶

CVEList

CVE-2007-5944: Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5↗2007-11-14

▶

💥Exploits & PoCs

Exploit-DB

IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security↗2007-11-15

▶