Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28231
HistoryJul 09, 2012 - 12:00 a.m.

IBM Edge Components Caching Proxy XSS Followup

2012-07-0900:00:00
vulners.com
23
JSON

Rapid7 probably found this vulnerability on October 23 2002
http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE-
2002-1167

They don't show the output and specify it is error message but the
injection method is the same. The update is it works on IBM Edge
Components Caching Proxy - International English Edition 6.0.2

Reproduce by request nonexistant host and seeing it reflected in error
message -

GET http://server/"<script>alert('NOHUGS')</script> HTTP/1.0

JSON