Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2013-05-28T16:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-12-16T00:00:00
Link: CVE-2013-0499
JSON object: View
NVD Information
Status : Modified
Published: 2013-05-28T16:55:01.133
Modified: 2017-08-29T01:33:03.857
Link: CVE-2013-0499
JSON object: View
Redhat Information
No data.
CWE