CVE-2011-2172

IBM WebSphere Portal 7.0.0.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/72500

[Vendor Advisory] http://secunia.com/advisories/44700

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009

[Various Sources] http://www.ibm.com/support/docview.wss?uid=swg24029452

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/67594

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47954

Scores

EPSS 0.0043

EPSS Percentile 62.1%

Classification

CWE

CWE-79

Status published

Affected Products (4)

ibm/websphere_portal

n/a/n/a

Timeline

Published May 26, 2011

Tracked Since Feb 18, 2026