A vulnerability has been discoverered in the Caching Proxy component bundled with the IBM Websphere Edge Server

vendor:

Websphere Edge Server

by:

SecurityFocus

8.3

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: Websphere Edge Server

Affected Version From: IBM Websphere Edge Server

Affected Version To: IBM Websphere Edge Server

Patch Exists: No

Related CWE: CVE-2002-0206

CPE: a:ibm:websphere_edge_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2002

A vulnerability has been discoverered in the Caching Proxy component bundled with the IBM Websphere Edge Server

It has been reported that the Caching Proxy is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the web client of a user who visits the malicious link. Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials.

Mitigation:

No known mitigation

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6000/info

A vulnerability has been discoverered in the Caching Proxy component bundled with the IBM Websphere Edge Server.

It has been reported that the Caching Proxy is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the web client of a user who visits the malicious link.

Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials.

Request the following path from the caching proxy server:

/"><img%20src="javascript:alert(document.domain)">