Vulnerability Name:

CVE-2005-4413 (CCN-23677)

Assigned:2005-12-15
Published:2005-12-15
Updated:2008-09-05
Summary:Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-4413

Source: CCN
Type: SECTRACK ID: 1015360
IBM WebSphere Input Validation Flaws in Certain Sample Scripts Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1015360

Source: CCN
Type: IBM WebSphere Application Server Web page
Application Servers > WebSphere Application Server > WebSphere Application Server

Source: CCN
Type: Ioannis Web site
IBM WEBSPHERE 6 Sample scripts Cross site scripting

Source: MISC
Type: UNKNOWN
http://www.ipomonis.com/advisories/ibm_css.txt

Source: CCN
Type: OSVDB ID: 22099
IBM WebSphere /PlantsByWebSphere/login.jsp Email Field XSS

Source: CCN
Type: OSVDB ID: 22100
IBM WebSphere /TechnologySamples/BulletinBoard/index.html message Field XSS

Source: CCN
Type: OSVDB ID: 22101
IBM WebSphere /TechnologySamples/Subscription/SubscriptionJSP.jsp Email Field XSS

Source: CCN
Type: OSVDB ID: 22102
IBM WebSphere /TechnologySamples/MovieReview2_1/ Multiple Field XSS

Source: CCN
Type: OSVDB ID: 25378
IBM WebSphere Application Server (WAS) Caching Proxy Error Page XSS

Source: CCN
Type: OSVDB ID: 44262
IBM WebSphere Application Server (WAS) Samples Unspecified XSS (PK13968)

Source: BID
Type: UNKNOWN
15929

Source: CCN
Type: BID-15929
IBM WebSphere Application Server Sample Scripts Multiple HTML Injection Vulnerabilities

Source: XF
Type: UNKNOWN
websphere-multiple-xss(23677)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm websphere application server 6.0
    ibm websphere application server 6.0