XSS vulnerability in WebSphere Portal V7.0 Page Builder theme

Flash (Alert)


Abstract

A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder theme.

Content

A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder (PageBuilder2) theme. The vulnerability may also exist in custom themes based on the default Page Builder theme, and exhibits the following CVSS scoring:
CVSS Base Score
  7.5
    Impact Subscore
      6.4
    Exploitability Subscore
      10
CVSS Temporal Score
  5.9
CVSS Environmental Score
  7.1
    Modified Impact Subscore
      6.4
Overall CVSS Score 7.1


IBM fixed this in Combined Cumulative Fix 006 (linked below) for WebSphere Portal and IBM Web Content Manager V7.0.0.1, but your custom themes may still require correction and a manual change to a portion of the code in your theme. Contact IBM Software Support for manual instructions to address this vulnerability by opening a Service Request (SR) or Problem Management Report (PMR) if you are using the V7.0.0.1 PageBuilder2 theme or your own custom theme based on this PageBuilder2 theme.


Change Revision
Originally published: June 28, 2011
Republished: September 13, 2012 with no technical revisions.


Related information

CF006


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Portal
Page Builder

Software version:

7.0

Operating system(s):

AIX, IBM i, Linux, Solaris, Windows, z/OS

Software edition:

Enable, Express, Extend, Hypervisor Edition, Server

Reference #:

1503959

Modified date:

2012-09-17

Translate my page

Machine Translation

Content navigation