CVE-2013-5378

IBM WebSphere Portal <8.0.0.1 CF8 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.

References (5)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21655634

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/86929

Scores

EPSS 0.0021

EPSS Percentile 43.0%

Details

CWE

CWE-79

Status published

Products (3)

ibm/websphere_portal

n/a/n/a

Published Nov 13, 2013

Tracked Since Feb 18, 2026