A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder theme.
A cross-site scripting (XSS) vulnerability exists in the WebSphere Portal v7.0 Page Builder (PageBuilder2) theme. The vulnerability may also exist in custom themes based on the default Page Builder theme, and exhibits the following CVSS scoring:
CVSS Base Score
CVSS Temporal Score
CVSS Environmental Score
Modified Impact Subscore
Overall CVSS Score 7.1
IBM fixed this in Combined Cumulative Fix 006 (linked below) for WebSphere Portal and IBM Web Content Manager V126.96.36.199, but your custom themes may still require correction and a manual change to a portion of the code in your theme. Contact IBM Software Support for manual instructions to address this vulnerability by opening a Service Request (SR) or Problem Management Report (PMR) if you are using the V188.8.131.52 PageBuilder2 theme or your own custom theme based on this PageBuilder2 theme.
Originally published: June 28, 2011
Republished: September 13, 2012 with no technical revisions.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.