vendor:
IBM WebSphere Portal
by:
Unknown
7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name: IBM WebSphere Portal
Affected Version From: 6.0.1.5 Build Level wp6015_008_01
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:ibm:websphere_portal:6.0.1.5
Platforms Tested:
Unknown
HTML-injection vulnerability in IBM WebSphere Portal
An authenticated attacker can execute arbitrary script code in the browser of an unsuspecting user, steal authentication credentials, and launch other attacks.
Mitigation:
Apply the vendor's patch or upgrade to a non-vulnerable version.