CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2009-4052
https://notcve.org/view.php?id=CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JSF Widget Library Runtime de IBM Rational Application Developer de WebSphere Software en versiones anteriores a la v7.0.0.10 y Rational Software Architect en versiones anteriores a la v7.0.0.10 permiten a los usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque que involucran (1) JSF Tree Control y (2) JavaScript Resource Servlet. • http://secunia.com/advisories/37442 http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 http://www-01.ibm.com/support/docview.wss?uid=swg27012378 http://www-01.ibm.com/support/docview.wss?uid=swg27012558 http://www.osvdb.org/60319 http://www.securityfocus.com/bid/37083 https://exchange.xforce.ibmcloud.com/vulnerabilities/54360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •