CVE-2013-6323
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0029 (0.3%)
Percentile: 52.4%
EPSS: 2026-05-06
Affects
ibm:websphere_virtual_enterpriseibm:websphere_application_serverTechnical description
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Published: 5/1/2014, 5:29:56 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www.securityfocus.com/bid/67720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88903
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777