CVE Vulnerability

CVE-2007-5798

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245
http://secunia.com/advisories/27448 Vendor Advisory
http://www.securityfocus.com/bid/26276
http://www.securitytracker.com/id?1018884
http://osvdb.org/41618
http://www.vupen.com/english/advisories/2007/3672
https://exchange.xforce.ibmcloud.com/vulnerabilities/38177
Configurations

Configuration 1

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
Information

Published : 2007-11-03 12:46

Updated : 2017-07-29 01:33

NVD link : CVE-2007-5798

Mitre link : CVE-2007-5798

Products Affected
No products.
CWE
CWE-79