Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Worklight 跨站脚本漏洞
Vulnerability Description
IBM Worklight是美国IBM公司的一套用于开发、测试、管理和保护HTML5、混合和本机移动应用程序的解决方案。 IBM Worklight中存在跨站脚本漏洞。远程攻击者可向Web UI中注入任意JavaScript代码。以下版本受到影响:IBM Worklight 6.1版本,6.2版本,6.3版本,7.0版本,7.1版本,8.0版本。
CVSS Information
N/A
Vulnerability Type
N/A