Cross-site scripting in IBM WebSphere Portal

Published: 2018-04-11 11:36:01
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-1445
CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-79
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: WebSphere Portal
Vulnerable software versions:
WebSphere Portal 8.0.0.0
WebSphere Portal 8.0.0.1
WebSphere Portal 8.5.0.0

Vendor URL: IBM Corporation

Security Advisory

1) Cross-site scripting

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Remediation

Update WebSphere Portal 9.0 or 8.5.0 to CF16, and 8.0.0 or 8.0.0.1 to CF23.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22015407
