CVE-2014-4770 Information

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47 7.0 before 7.0.0.35 8.0 before 8.0.0.10 and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

Reference

http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69981 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 https://exchange.xforce.ibmcloud.com/vulnerabilities/95209