IBM WebSphere Traversal Error Page XSS

This script is Copyright (C) 2002-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is itself prone to cross-site scripting
attacks.

Description :

The remote web server seems to be vulnerable to cross-site scripting
attacks because it fails to sanitize input supplied as a filename when
displaying an error page.

The vulnerability would allow an attacker to make the server present
the user with the attacker's JavaScript/HTML code. Since the content
is presented by the server, the user will give it the trust level of
the server (for example, the trust level of banks, shopping centers,
etc would usually be high).

Solution :

Upgrade to the latest version of WebSphere.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 11010 ()

Bugtraq ID: 2401

CVE ID: