CVE-2009-4052 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
Reference
http://secunia.com/advisories/37442 http://www.osvdb.org/60319 http://www.securityfocus.com/bid/37083 http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 http://www-01.ibm.com/support/docview.wss?uid=swg27012378 http://www-01.ibm.com/support/docview.wss?uid=swg27012558 https://exchange.xforce.ibmcloud.com/vulnerabilities/54360
Share on: