Cross-Site Scripting Vulnerability in IBM WebSphere Portal
CVE-2018-1483

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Portal
Vendor
CVE Published:
11 April 2018

Summary

IBM WebSphere Portal versions 8.5 and 9.0 are susceptible to a Cross-Site Scripting (XSS) vulnerability that enables attackers to inject arbitrary JavaScript code into the Web User Interface. This exploitation can lead to unintended behavior and potentially compromise user credentials during a trusted session. The manipulation of the Web UI can allow malicious parties to perform unauthorized actions, emphasizing the need for prompt mitigation and security measures.

Affected Version(s)

WebSphere Portal 8.5

WebSphere Portal 9.0

References

https://www.ibm.com/support/docview.wss?uid=swg22015317
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/140918
x_refsource_MISC
http://www.securitytracker.com/id/1040644
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.