| Vulnerability Name: | CVE-2011-2754 (CCN-68337) | ||||||||
| Assigned: | 2011-06-28 | ||||||||
| Published: | 2011-06-28 | ||||||||
| Updated: | 2011-07-19 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-2754 Source: CCN Type: SA45106 IBM Products PageBuilder2 Theme Cross-Site Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 45106 Source: CCN Type: IBM Support and Downloads XSS vulnerability in WebSphere Portal V7.0 Page Builder theme Source: CONFIRM Type: UNKNOWN http://www.ibm.com/support/docview.wss?uid=swg21503959 Source: CCN Type: OSVDB ID: 73524 IBM Multiple Products PageBuilder2 Theme Unspecified XSS Source: XF Type: UNKNOWN websphere-portal-pagebuilder2-xss(68337) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||