IBM WebSphere Commerce bis 8.0.0.0 Cross Site Scripting

EintraganpassenHistoryDiffjsonxmlCTI

Eine Schwachstelle wurde in IBM WebSphere Commerce bis 8.0.0.0 (Application Server Software) gefunden. Sie wurde als problematisch eingestuft. Dies betrifft ein unbekannter Teil. Ein Upgrade auf die Version 8.0.0.1 vermag dieses Problem zu beheben.

Feld19.01.2016 10:0917.06.2018 09:42
typeApplication Server SoftwareApplication Server Software
vendorIBMIBM
nameWebSphere CommerceWebSphere Commerce
version<=8.0.0.0<=8.0.0.0
cwe79 (Cross Site Scripting)79 (Cross Site Scripting)
risk11
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore4.44.4
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss3_meta_basescore6.16.1
cvss3_meta_tempscore5.85.8
cvss3_vuldb_basescore6.16.1
cvss3_vuldb_tempscore5.85.8
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sCC
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sCC
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
date1453075200 (18.01.2016)1453075200 (18.01.2016)
urlhttp://www-01.ibm.com/support/docview.wss?uid=swg21972610http://www-01.ibm.com/support/docview.wss?uid=swg21972610
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
upgrade_version8.0.0.18.0.0.1
cveCVE-2015-5008CVE-2015-5008
cve_nvd_published14530752001453075200
cve_nvd_summaryCross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
seealso8031380313
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore6.16.1
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
confirm_urlhttp://www-01.ibm.com/support/docview.wss?uid=swg21972610
cve_assigned1435104000

Do you know our Splunk app?

Download it now for free!