Summary
This host is installed with IBM Web Experience Factory and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to the IBM Web Experience Factory 7.0.1.2 or later For updates refer to http://www14.software.ibm.com/webapp/download/home.jsp
Insight
The flaws are due to improper validation of user-supplied input to 'INPUT' and 'TEXTAREA' elements.
Affected
IBM Web Experience Factory version 7.0 and 7.0.1
References
Severity
Classification
-
CVE CVE-2011-5048 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Apple Remote Desktop Information Disclosure Vulnerability
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)