Vulnerability Solutions

The Nimsoft Cloud Monitor periodic vulnerability scan checks for the vulnerability below. For the most recently added vulnerability solutions scanned by WatchMouse, see the Vulnerability Solutions overview.

Category: CGI abuses : XSS
Risk factor: Medium
Added: March 16, 2010
Synopsis:

A web application on the remote host has a cross-site scripting vulnerability.

Description:

The version of IBM WebSphere Portal / IBM Lotus Web Content Management running on the remote host has a cross-site scripting vulnerability. The query string passed to login.php is not properly sanitized.

A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary script code.

See also:

http://www.hacktics.com/content/advisories/AdvIBM20100224.html
http://archives.neohapsis.com/archives/bugtraq/2010-02/0226.html
http://www-01.ibm.com/support/docview.wss?uid=swg21421469

Solution:

Apply the relevant fix referenced in the IBM advisory.

Risk factor:

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)