Cross-Site Scripting Vulnerability in Exphox WebRadar
CVE-2016-8922

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Portal
Vendor: CVE Published:; 1 February 2017

Summary

Exphox WebRadar is exposed to a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into the Web UI. This exploit can manipulate the intended functionality of the application, potentially leading to the unauthorized disclosure of user credentials during trusted sessions. Protecting against this vulnerability is essential to maintaining the integrity and security of user information.

Affected Version(s)

WebSphere Portal 5.1.0.0

WebSphere Portal 5.1.0.1

WebSphere Portal 5.1.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21993561

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94413

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Oct 25, 2016