CVE-2002-1167

IBM Web Traffic Express <4.0.1.26 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1167. PoCs published by Rapid7.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in IBM WebSphere Edge Server's Caching Proxy. The PoC constructs a malicious URL that injects arbitrary JavaScript code, which executes in the context of the victim's browser when visited.

Description

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rapid7 · textremoteunix

https://www.exploit-db.com/exploits/21947

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in IBM WebSphere Edge Server's Caching Proxy. The PoC constructs a malicious URL that injects arbitrary JavaScript code, which executes in the context of the victim's browser when visited.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IBM WebSphere Edge Server (Caching Proxy component)

No auth needed

Prerequisites: Access to the target's Caching Proxy URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6000

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10453.php

Scores

EPSS 0.0328

EPSS Percentile 86.8%

Details

Status published

Products (2)

ibm/websphere_caching_proxy_server 3.6

ibm/websphere_caching_proxy_server 4.0

Published Nov 04, 2002

Tracked Since Feb 18, 2026