VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 9, 2010· Updated Apr 29, 2026

CVE-2010-4220

CVE-2010-4220

Description

Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in IBM WebSphere Application Server 7.0 before 7.0.0.13 Integrated Solution Console allows remote attackers to inject arbitrary web script or HTML via URL injection.

Vulnerability

The Integrated Solution Console in the Administrative Console component of IBM WebSphere Application Server (WAS) 7.0 before version 7.0.0.13 contains a cross-site scripting (XSS) vulnerability. The issue involves URL injection, allowing arbitrary web script or HTML injection via unspecified vectors. [1]

Exploitation

An attacker can exploit this vulnerability by sending a crafted request to the vulnerable console, causing the injected script to execute in the context of the affected application. No authentication is required, and the attacker only needs network access to the Admin Console. [1]

Impact

Successful exploitation allows remote attackers to inject arbitrary web script or HTML, potentially leading to session theft, credential theft, or other malicious actions within the context of the victim's browser session. [1]

Mitigation

IBM released a fix in version 7.0.0.13. Users should upgrade to this version or later. No workarounds are documented in the available references. [1]

References
  1. Fix list for IBM WebSphere Application Server V7.0

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
  • IBM/Websphere Application Server14 versions
    cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
    • (no CPE)range: <7.0.0.13

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.