Primary

Context

IBM WebSphere Application Server Liberty Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in IBM WebSphere Application Server Liberty versions 17.0.0.3 prior to 25.0.0.9. This vulnerability allows a privileged user to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.

Impact

Exploitation of this vulnerability could result in stored cross-site scripting, allowing injected JavaScript to be executed in the context of the user.

Remediation

Users are advised to upgrade to IBM WebSphere Application Server Liberty Fix Pack 25.0.0.9 or later. Alternatively, for versions 17.0.0.3 to 25.0.0.8 using the adminCenter-1.0 feature, upgrade to the required fix pack level and apply the Interim Fix for APAR PH66669.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.5

exploitability

5.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.5

exploitability

5.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM WebSphere Application Server Liberty Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM WebSphere Application Server Liberty

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating