PT-2016-3652 · IBM · IBM WebSphere Commerce
Published 2016-01-18 · Updated 2019-09-30 · CVE-2015-5009
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Commerce versions 6.0 through FP11
IBM WebSphere Commerce version 6.0 Feature Pack 4
IBM WebSphere Commerce versions 7.0 through FP9
IBM WebSphere Commerce versions 7.0 Feature Pack 5 through 8
IBM WebSphere Commerce versions 8.0 before 8.0.0.1
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM WebSphere Commerce versions 6.0 through FP11, update to a version after FP11.
For IBM WebSphere Commerce version 6.0 Feature Pack 4, update to a version after Feature Pack 4.
For IBM WebSphere Commerce versions 7.0 through FP9, update to a version after FP9.
For IBM WebSphere Commerce versions 7.0 Feature Pack 5 through 8, update to a version after 8.
For IBM WebSphere Commerce versions 8.0 before 8.0.0.1, update to version 8.0.0.1 or later.
Fix
XSS
Affected Products
IBM WebSphere Commerce