CVE-2007-5798 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField (2) nameField (3) valueField and (4) frameReturn parameters.

Reference

http://osvdb.org/41618 http://secunia.com/advisories/27448 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 http://www.vupen.com/english/advisories/2007/3672 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 https://exchange.xforce.ibmcloud.com/vulnerabilities/38177