XSS vulnerability in WebSphere Portal V7.0 Page Builder theme
A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder theme.
A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder (PageBuilder2) theme. The vulnerability may also exist in custom themes based on the default Page Builder theme, and exhibits the following CVSS scoring:
CVSS Base Score
CVSS Temporal Score
CVSS Environmental Score
Modified Impact Subscore
Overall CVSS Score 7.1
IBM fixed this in Combined Cumulative Fix 006 (linked below) for WebSphere Portal and IBM Web Content Manager V22.214.171.124, but your custom themes may still require correction and a manual change to a portion of the code in your theme. Contact IBM Software Support for manual instructions to address this vulnerability by opening a Service Request (SR) or Problem Management Report (PMR) if you are using the V126.96.36.199 PageBuilder2 theme or your own custom theme based on this PageBuilder2 theme.
Originally published: June 28, 2011
Republished: September 13, 2012 with no technical revisions.
More support for:
Software version: 7.0
Operating system(s): AIX, IBM i, Linux, Solaris, Windows, z/OS
Software edition: Enable, Express, Extend, Hypervisor Edition, Server
Reference #: 1503959
Modified date: 17 September 2012