VULHUB ™

IBM Websphere is prone to a cross-site scripting vulnerability. IBM Websphere, under some circumstances, does not filter script code from URL parameters. This may enable an attacker to create a malicious link which contains arbitrary script code. The malicious link must contain a single dot-dot-slash (../) sequence, followed by the arbitrary script code. For example: http://websphereserver/../<script>alert('helloworld')</script>

IBM Websphere is prone to a cross-site scripting vulnerability. IBM Websphere, under some circumstances, does not filter script code from URL parameters. This may enable an attacker to create a malicious link which contains arbitrary script code. The malicious link must contain a single dot-dot-slash (../) sequence, followed by the arbitrary script code. For example: http://websphereserver/../<script>alert('helloworld')</script>