|CERT-In Vulnerability Note
Cross-Site Scripting Vulnerability in IBM WebSphere Portal
Original Issue Date:January 12, 2018
Severity Rating: MEDIUM
- IBM WebSphere Portal 8.5
- IBM WebSphere Portal 9
A Vulnerability has been reported in IBM WebSphere Portal which could allow an unauthenticated remote attacker to conduct cross-site scripting attacks.
A Vulnerability exists in IBM WebSphere Portal due to improper filtering of HTML code from user-supplied input before displaying the input. An attacker could exploit this vulnerability by executing arbitrary scripting code by the target user's browser.
Successful exploitation of this vulnerability could allow the attacker to access the target user's cookies (including authentication cookies), which could lead to credentials disclosure within a trusted session.
Apply appropriate updates as mentioned by vendor:
The information provided herein is on "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003