Cross site scripting

2013-06-0321:55:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CPENameOperatorVersion
websphere_portaleq7.0.0.1
websphere_portaleq7.0.0.1 cf4
websphere_portaleq7.0.0.2 cf17
websphere_portaleq7.0.0.2 cf22
websphere_portaleq7.0.0.1 cf5
websphere_portaleq7.0.0.1 cf6
websphere_portaleq7.0.0.0 cf1
websphere_portaleq7.0.0.1 cf3
websphere_portaleq7.0.0.2 cf13
websphere_portaleq7.0.0.2 cf20

Name	Operator	Version
websphere_portal	eq	7.0.0.1
websphere_portal	eq	7.0.0.1 cf4
websphere_portal	eq	7.0.0.2 cf17
websphere_portal	eq	7.0.0.2 cf22
websphere_portal	eq	7.0.0.1 cf5
websphere_portal	eq	7.0.0.1 cf6
websphere_portal	eq	7.0.0.0 cf1
websphere_portal	eq	7.0.0.1 cf3
websphere_portal	eq	7.0.0.2 cf13
websphere_portal	eq	7.0.0.2 cf20