Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo.
CPE | Name | Operator | Version |
---|---|---|---|
web_experience_factory | eq | 7.0 | |
web_experience_factory | eq | 7.0.1 |