CNNVD-202512-871 Information
CNNVD ID
CNNVD-202512-871
Related CVE
- CNNVD Published: 2025-12-08
Description (Chinese)
IBM WebSphere Application Server(WAS)和IBM WebSphere Application Server Liberty都是美国国际商业机器(IBM)公司的产品。IBM WebSphere Application Server是一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台,也是IBMWebSphere软件平台的基础。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。 IBM WebSphere Application Server 8.5版本、9.0版本和IBM WebSphere Application Server Liberty 17.0.0.3版本至25.0.0.12版本存在跨站脚本漏洞,该漏洞源于输入验证不足,可能导致跨站脚本攻击。
Description (English)
IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Lily are products of the United States International Business Machine (IBM). IBM WebSphere Application Server is an application server product. The product is the platform for JavaEE and Web service applications and the basis for the IBMWebSphere software platform. IBM WebSphere Application Server Liberty is a Java application server built on the Open Liberty project. The IBM WebSphere Application Server 8.5, 9.0, and IBM WebSphere Application Services 17.0.0.3 to 25.0.0.12 have cross-site script gaps, which stem from inadequate input validation and may lead to cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-12-08
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7254078 https://vigilance.fr/vulnerability/IBM-WebSphere-Application-Server-Cross-Site-Scripting-dated-09-12-2025-49021 https://access.redhat.com/security/cve/cve-2025-12635
Patch
https://www.ibm.com/support/pages/node/7254078
Share on: