
API Connect Developer Portal XSS (CVE-2018-1430)


Posted by Vasilis Sikkis

10 April 2023


           

API Connect Developer Portal is affected by a cross-site scripting vulnerability (CVE-2018-1430).

Software:  API Connect Developer Portal version 5.0.8.1

Vendor:    IBM

Vulnerability Type: Cross-Site Scripting

Remote:    Yes

Authentication:   Yes

Discovered:    9 March 2018

Reported:    13 March 2018

Disclosed:    27 April 2018

VULNERABILITY DESCRIPTION:

IBM API Connect Developer Portal is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.  

The security bulletin from IBM can be found at the following link:

https://www.ibm.com/support/pages/node/303689

