CVE-2008-5228

IBM WCM <6.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded."

References (6)

[Vendor Advisory] http://secunia.com/advisories/32763

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1PK73108

[Patch] http://www-01.ibm.com/support/docview.wss?uid=swg1PK73933

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32408

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46749

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/3234

Scores

EPSS 0.0046

EPSS Percentile 64.0%

Classification

CWE

CWE-79

Status published

Affected Products (3)

ibm/workplace_content_management

ibm/workplace_content_management

n/a/n/a

Timeline

Published Nov 25, 2008

Tracked Since Feb 18, 2026