Cross-Site Scripting Vulnerability in IBM Web Experience Factory by IBM
CVE-2014-6196

Currently unrated

Key Information:

Vendor: IBM
Status: Web Experience Factory
Vendor: CVE Published:; 26 November 2014

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Web Experience Factory versions 6.1.5 through 8.5.0.1. This flaw affects the WebSphere Dashboard Framework and Lotus Widget Factory, enabling remote attackers to inject arbitrary web scripts or HTML. The vulnerability arises from an error in the Dojo builder during specific WebSphere Portal configurations, resulting in improper response page construction by the application. Organizations should consider implementing the recommended patches and applying necessary security measures to safeguard against potential exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21690018

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Nov 26, 2014
Vulnerability Reserved
Sep 2, 2014