CVE-2014-6196

Currently unrated

Key Information:

Vendor: IBM
Status: Web Experience Factory
Vendor: CVE Published:; 26 November 2014

Summary

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21690018

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Nov 26, 2014
Vulnerability Reserved
Sep 2, 2014