CVE-2010-0768 — Cross-site Scripting in IBM Websphere Application Server

CWE-79 — Cross-site Scripting18 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedApr 1

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server6.0.2.39+42

🔴Vulnerability Details

GHSA

GHSA-cw46-2282-7m47: Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6↗2022-05-02

▶

CVEList

CVE-2010-0768: Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6↗2010-04-01

▶

💥Exploits & PoCs

Exploit-DB

GoodTech Telnet Server 5.0.6 - Remote Buffer Overflow (Metasploit)↗2010-05-09

▶

💬Community

Bugzilla

CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)↗2010-10-12

▶

Bugzilla

CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)↗2010-10-12

▶

Bugzilla

CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)↗2010-10-04

▶

Bugzilla

CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)↗2010-10-04

▶

Bugzilla

CVE-2010-3557 OpenJDK Swing mutable static (6938813)↗2010-10-04

▶