Cross-Site Scripting Vulnerability in IBM WebSphere Portal and Web Content Manager
CVE-2017-1303

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Portal
Vendor
CVE Published:
31 July 2017

Summary

IBM WebSphere Portal and Web Content Manager versions 7.0, 8.0, 8.5, and 9.0 are susceptible to a cross-site scripting (XSS) vulnerability. This flaw enables attackers to embed malicious JavaScript code within the Web UI, potentially compromising the functionality of web applications and enabling the unauthorized disclosure of user credentials during trusted sessions. Organizations utilizing these products should ensure they implement necessary mitigation strategies to safeguard against potential exploitation.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/125457
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22004979
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100007
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.