CVE-2004-1442

Name of the Vulnerable Software and Affected Versions: IBM Net.Data versions 7 and 7.2

Description: A cross-site scripting (XSS) issue exists due to improper handling of error messages, such as "DTWP001E", by the db2www CGI interpreter. This allows remote attackers to inject arbitrary web script or HTML via a macro filename.

Recommendations: For IBM Net.Data versions 7 and 7.2, consider disabling the db2www CGI interpreter until a patch is available to prevent exploitation of this issue. Restrict access to error messages that could be used to inject malicious scripts, such as those containing "DTWP001E".