Flash (Alert)
Abstract
A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder theme.
Content
A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder (PageBuilder2) theme. The vulnerability may also exist in custom themes based on the default Page Builder theme, and exhibits the following CVSS scoring:
CVSS Base Score
7.5
Impact Subscore
6.4
Exploitability Subscore
10
CVSS Temporal Score
5.9
CVSS Environmental Score
7.1
Modified Impact Subscore
6.4
Overall CVSS Score 7.1
IBM fixed this in Combined Cumulative Fix 006 (linked below) for WebSphere Portal and IBM Web Content Manager V7.0.0.1, but your custom themes may still require correction and a manual change to a portion of the code in your theme. Contact IBM Software Support for manual instructions to address this vulnerability by opening a Service Request (SR) or Problem Management Report (PMR) if you are using the V7.0.0.1 PageBuilder2 theme or your own custom theme based on this PageBuilder2 theme.
Change Revision
Originally published: June 28, 2011
Republished: September 13, 2012 with no technical revisions.
Related information
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.