CVE-2013-6721 — Cross-site Scripting in IBM Websphere Service Registry AND Repository

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 51.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Service Registry AND Repository

Timeline

PublishedDec 17

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_service_registry_and_repository5 versions+4

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gfjh-prwr-5vfg: Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7↗2022-05-17

▶

CVEList

CVE-2013-6721: Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7↗2013-12-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007 - BIFFRecord Length Use-After-Free↗2015-09-16

▶

Exploit-DB

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion↗2015-09-16

▶