IBM Information for VU#270083

IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has been informed that no patch/update is planned as the vulnerability exists in a section of the software that should be used for internal testing only.

If you have feedback, comments, or additional information about this vulnerability, please send us email.