CVE-2014-0910
IBM WebSphere Portal 6.1.0.0-6.1.0.6 CF27, 6.1.5.0-6.1.5.3 CF27, 7.0.0-7.0.0.2 CF28 - Authenticated Cross-Site Scripting
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-0910. PoCs published by Filippo Roncari.
AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in IBM WebSphere Portal's Web Content Management component. Authenticated users can inject arbitrary JavaScript via the Rich Text Editor using an 'img' tag with an 'onerror' event handler.
Description
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Exploits (1)
This exploit demonstrates a stored XSS vulnerability in IBM WebSphere Portal's Web Content Management component. Authenticated users can inject arbitrary JavaScript via the Rich Text Editor using an 'img' tag with an 'onerror' event handler.