PT-2009-6233 · Ibm · Jsf Widget Library Runtime+2
Published
2009-11-23
·
Updated
2017-08-17
·
CVE-2009-4052
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Application Developer for WebSphere Software versions prior to 7.0.0.10
IBM Rational Software Architect versions prior to 7.0.0.10
Description
The issue involves multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific vectors, including the JSF Tree Control and the JavaScript Resource Servlet.
Recommendations
For IBM Rational Application Developer for WebSphere Software versions prior to 7.0.0.10, update to version 7.0.0.10 or later.
For IBM Rational Software Architect versions prior to 7.0.0.10, update to version 7.0.0.10 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Application Developer For Websphere
Rational Software Architect
Jsf Widget Library Runtime