Vulnerability Details CVE-2012-3293
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM60839
- http://www-01.ibm.com/support/docview.wss?uid=swg21606096
- http://www-01.ibm.com/support/docview.wss?uid=swg27022958
- http://www.securityfocus.com/bid/55149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77179
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM60839
- http://www-01.ibm.com/support/docview.wss?uid=swg21606096
- http://www-01.ibm.com/support/docview.wss?uid=swg27022958
- http://www.securityfocus.com/bid/55149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77179
Products affected by CVE-2012-3293
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.23
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.25
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.27
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.29
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.31
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.33
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.35
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.37
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.39
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.41
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.43
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9
-
cpe:2.3:a:ibm:websphere_application_server:7.0
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0