|CERT-In Vulnerability Note
Cross-Site Scripting Vulnerability in IBM WebSphere Portal
Original Issue Date:March 12, 2018
Severity Rating: MEDIUM
- IBM WebSphere Portal 8.5
- IBM WebSphere Portal 9
Vulnerability has been reported in IBM WebSphere Portal which could allow an unauthenticated remote attacker toconduct cross-site scripting attacks.
Vulnerability exists in IBM WebSphere Portal due to improper filtering of HTML code from user-supplied input before displaying the input. An attacker could exploit this vulnerability by executing arbitrary scripting code by the target users browser.
Successful exploitation of this vulnerability could allow the attacker to access the target users cookies (including authentication cookies), which could lead to credentials disclosure within a trusted session.
Apply appropriate updates as mentioned by vendor:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003