|CERT-In Vulnerability Note
Cross Site Scripting vulnerability in IBM WebSphere Portal
Original Issue Date:February 12, 2018
Severity Rating: MEDIUM
- IBM WebSphere 7.0
- IBM WebSphere 8.0
- IBM WebSphere 8.5
- IBM WebSphere 9.0
A Vulnerability has been reported in IBM WebSphere Portal which could be exploited by remote attacker to conduct cross site scripting (XSS) attacks on the targeted system.
This vulnerability exists in IBM WebSphere Portal due to insufficient validation of user-supplied input by the affected system. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the targeted users browser and allow the attacker to obtain sensitive information.
Apply appropriate updates as mentioned in the following vendor advisories:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003