CVE-2013-0461: XSS
First published: Sun Jan 27 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.35 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.37 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.39 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.41 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.43 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.45 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0461?
CVE-2013-0461 has a medium severity rating due to its potential impact on web application security through cross-site scripting (XSS).
How do I fix CVE-2013-0461?
To fix CVE-2013-0461, you should update IBM WebSphere Application Server to the latest version that is not vulnerable, specifically versions 6.1.0.47, 7.0.0.27, 8.0.0.6, or 8.5.0.2 and later.
Who is affected by CVE-2013-0461?
CVE-2013-0461 affects IBM WebSphere Application Server versions prior to 6.1.0.47, 7.0.0.27, 8.0.0.6, and 8.5.0.2.
What type of vulnerability is CVE-2013-0461?
CVE-2013-0461 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2013-0461 be exploited remotely?
Yes, CVE-2013-0461 can be exploited by remote attackers through the injection of arbitrary web script or HTML.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.23
- version/ibm websphere application server feature pack for web services/6.1.0.25
- version/ibm websphere application server feature pack for web services/6.1.0.27
- version/ibm websphere application server feature pack for web services/6.1.0.29
- version/ibm websphere application server feature pack for web services/6.1.0.31
- version/ibm websphere application server feature pack for web services/6.1.0.33
- version/ibm websphere application server feature pack for web services/6.1.0.35
- version/ibm websphere application server feature pack for web services/6.1.0.37
- version/ibm websphere application server feature pack for web services/6.1.0.39
- version/ibm websphere application server feature pack for web services/6.1.0.41
- version/ibm websphere application server feature pack for web services/6.1.0.43
- version/ibm websphere application server feature pack for web services/6.1.0.45
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.2
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/7.0.0.5
- version/ibm websphere application server feature pack for web services/7.0.0.7
- version/ibm websphere application server feature pack for web services/7.0.0.9
- version/ibm websphere application server feature pack for web services/7.0.0.11
- version/ibm websphere application server feature pack for web services/7.0.0.13
- version/ibm websphere application server feature pack for web services/7.0.0.15
- version/ibm websphere application server feature pack for web services/7.0.0.17
- version/ibm websphere application server feature pack for web services/7.0.0.19
- version/ibm websphere application server feature pack for web services/7.0.0.21
- version/ibm websphere application server feature pack for web services/7.0.0.23
- version/ibm websphere application server feature pack for web services/7.0.0.25
- version/ibm websphere application server feature pack for web services/8.0.0.0
- version/ibm websphere application server feature pack for web services/8.0.0.1
- version/ibm websphere application server feature pack for web services/8.0.0.2
- version/ibm websphere application server feature pack for web services/8.0.0.3
- version/ibm websphere application server feature pack for web services/8.0.0.4
- version/ibm websphere application server feature pack for web services/8.0.0.5
- version/ibm websphere application server feature pack for web services/8.5.0.0
- version/ibm websphere application server feature pack for web services/8.5.0.1