VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 8, 2011· Updated Apr 29, 2026

CVE-2011-1308

CVE-2011-1308

Description

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) in IBM WebSphere Application Server's IVT component allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

The Installation Verification Test (IVT) application in the Install component of IBM WebSphere Application Server (WAS) before version 7.0.0.15 contains a cross-site scripting (XSS) vulnerability. The bug is reachable through unspecified vectors [1].

Exploitation

A remote attacker can exploit this by sending crafted input to the IVT application. The attacker does not need authentication, but some user interaction (e.g., clicking a malicious link) may be required to execute the injected script in the victim's browser context [1].

Impact

Successful exploitation allows the attacker to inject arbitrary web script or HTML into the IVT application's response, leading to potential disclosure of sensitive information or session hijacking within the security context of the application [1].

Mitigation

IBM fixed this issue in WebSphere Application Server version 7.0.0.15 [1]. Users should upgrade to this version or later. No workaround is documented; if upgrade is not possible, restrict access to the IVT application to trusted users only.

References
  1. Fix list for IBM WebSphere Application Server V7.0

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

140
  • IBM/Websphere Application Server140 versions
    cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*+ 139 more
    • cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*range: <=7.0.0.13
    • cpe:2.3:a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.52:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
    • (no CPE)range: <7.0.0.15

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.