Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/32763 - Vendor Advisory | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1PK73108 - Vendor Advisory | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1PK73933 - Patch | |
References | () http://www.securityfocus.com/bid/32408 - | |
References | () http://www.vupen.com/english/advisories/2008/3234 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/46749 - |
Information
Published : 2008-11-25 23:30
Updated : 2024-11-21 00:53
NVD link : CVE-2008-5228
Mitre link : CVE-2008-5228
CVE.ORG link : CVE-2008-5228
JSON object : View
Products Affected
ibm
- workplace_content_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')