EUVD-2018-12399

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Portal versions 8.0, 8.5, and 9.0 vulnerable to cross-site scripting attack

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.	20 Dec 201800:00	–	bdu_fstec
CNVD	IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-20234)	28 Sep 201800:00	–	cnvd
CVE	CVE-2018-1820	27 Sep 201819:00	–	cve
Cvelist	CVE-2018-1820	27 Sep 201819:00	–	cvelist
NVD	CVE-2018-1820	27 Sep 201819:29	–	nvd
OSV	CVE-2018-1820	27 Sep 201819:29	–	osv
Prion	Cross site scripting	27 Sep 201819:29	–	prion
Tenable Nessus	IBM WebSphere Portal XSS Vulnerability (CVE-2018-1820)	18 Sep 201900:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "f5a52e83-96a3-35d9-b96a-506013aba9c1",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4dd1b5b6-a7d5-3ee2-ab6c-ae5b0499d416",
        "product": {
          "name": "WebSphere Portal"
        },
        "product_version": "9.0"
      },
      {
        "id": "a7e2cc8f-56df-3620-aa0d-a60e6aad7b17",
        "product": {
          "name": "WebSphere Portal"
        },
        "product_version": "8.0"
      },
      {
        "id": "c959f528-fef2-3783-8f17-399750974185",
        "product": {
          "name": "WebSphere Portal"
        },
        "product_version": "8.5"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/docview.wss
securitytracker	www.securitytracker.com/id/1041751
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/150096
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 35.4

CVSS 23.5

EPSS0.00237