Vulnerability Details CVE-2015-7417
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272
- http://www-01.ibm.com/support/docview.wss?uid=swg21974520
- http://www.securityfocus.com/bid/81738
- http://www.securitytracker.com/id/1034783
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272
- http://www-01.ibm.com/support/docview.wss?uid=swg21974520
- http://www.securityfocus.com/bid/81738
- http://www.securitytracker.com/id/1034783
Products affected by CVE-2015-7417
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.25
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.27
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.29
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.31
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.33
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.35
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.37
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.39
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.10
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.11
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.4
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.5
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.6
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.7
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.8
-
cpe:2.3:a:ibm:websphere_application_server:8.0.0.9
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.1
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.2
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.3
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.4
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.6
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.7
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.8