Vigil@nce - IBM Eclipse Help System: Cross Site Scripting via iehs.war
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use iehs.war to generate a Cross Site Scripting in
several IBM products, in order to execute JavaScript code in the
context of the victim’s web browser.
Impacted products: SPSS Data Collection
Severity: 2/4
Creation date: 31/05/2013
DESCRIPTION OF THE VULNERABILITY
Several IBM products uses help files, which are displayed through
the IBM Eclipse Help System viewer, provided by iehs.war.
However, an attacker can use iehs.war to generate a Cross Site
Scripting, in order to execute JavaScript code in the context of
the victim’s web browser.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-Eclipse-Help-System-Cross-Site-Scripting-via-iehs-war-12887