Cross-Site Scripting Vulnerability in IBM Connections Portlets Product
CVE-2014-0855

Currently unrated

Key Information:

Vendor: IBM
Status: Connections Portlets
Vendor: CVE Published:; 14 February 2014

Summary

The vulnerability involves multiple cross-site scripting flaws present in IBM Connections Portlets 4.x prior to version 4.5.1 FP1, which are integrated into IBM WebSphere Portal versions 7.0.0.2 and 8.0.0.1. These vulnerabilities allow remote attackers to exploit unspecified vectors to inject arbitrary web scripts or HTML into users' browsers. This manipulation can lead to unauthorized actions taken on behalf of users, potentially exposing sensitive data or hijacking user sessions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90802

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21663921

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Jan 6, 2014