VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 15, 2012· Updated Apr 29, 2026

CVE-2011-5065

CVE-2011-5065

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM WebSphere Application Server 6.1 before 6.1.0.41 contains a stored/persistent XSS vulnerability in web messaging, allowing remote attackers to inject arbitrary script or HTML.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in IBM WebSphere Application Server (WAS) 6.1 for z/OS prior to version 6.1.0.41 [1]. The issue affects the web messaging component, specifically described in APAR PM37840 [1]. The vulnerability allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. All users of WAS V6.1 for z/OS are affected [1].

Exploitation

A remote attacker can exploit this vulnerability without requiring authentication; no special network position or user interaction is needed other than a victim viewing crafted content. The attacker injects malicious script or HTML into web messaging data, which is then served to other users [1].

Impact

Successful exploitation leads to arbitrary script or HTML execution in the context of the affected WebSphere application. This could result in disclosure of sensitive information, session hijacking, or defacement. The attacker does not gain direct server control but can perform actions as the victim user [1].

Mitigation

The fix is included in IBM WebSphere Application Server V6.1 Fix Pack 6.1.0.41 [1]. Users should upgrade to 6.1.0.41 or later. No workarounds are documented in the available references.

References
  1. PM49872: SHIP APAR FIXES FOR H28W610 FIX PACK 6.1.0.41.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

32
  • IBM/Websphere Application Server32 versions
    cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*+ 31 more
    • cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
    • (no CPE)range: <= 6.1.0.40

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.