CVE-2016-0283 β Cross-site Scripting in IBM Websphere Application Server
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 49.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 19
Latest updateMay 17
Description
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages1 packages
π΄Vulnerability Details
2GHSAβΆ
GHSA-8qvq-m6fq-4488: Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profileβ2022-05-17
CVEListβΆ
CVE-2016-0283: Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profileβ2016-03-19