1 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 2

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. Una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad echo en dispositivos SOA WebSphere DataPower de IBM con la versión de firmware 3.8.2, 4.0, 4.0.1, 4.0.2 y 5.0.0, permite a los atacantes remotos inyectar script web o HTML arbitrarios por medio de un mensaje SOAP, como es demostrado por los servicios Firewall XML, Multi Protocol Gateway (MPGW), Proxy de servicio web y Token web. • http://seclists.org/bugtraq/2013/May/83 http://www-01.ibm.com/support/docview.wss?uid=swg21637717 https://exchange.xforce.ibmcloud.com/vulnerabilities/82221 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •