CVE-2009-4052

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.

Reference

http://secunia.com/advisories/37442
http://www.osvdb.org/60319
http://www.securityfocus.com/bid/37083
http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616
http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324
http://www-01.ibm.com/support/docview.wss?uid=swg27012378
http://www-01.ibm.com/support/docview.wss?uid=swg27012558
https://exchange.xforce.ibmcloud.com/vulnerabilities/54360

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

23-11-2009 - 17:30