CVE-2014-6163

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 59.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Datapower Xc10 Appliance Firmware

Timeline

PublishedDec 11

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_datapower_xc10_appliance_firmware2.1.0.0, 2.5.0.0+1

🔴Vulnerability Details

GHSA

GHSA-rvg5-rvr6-x6rv: Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2↗2022-05-17

▶

CVEList

CVE-2014-6163: Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2↗2014-12-11

▶