CVE-2016-2925

MEDIUM

IBM Websphere Portal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (4)

[Broken Link] http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749

[Mitigation, VDB Entry, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21986461

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036454

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92180

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 33.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (17)

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

ibm/websphere_portal

... and 2 more

Timeline

Published Aug 08, 2016

Tracked Since Feb 18, 2026