| Vulnerability Name: | CVE-2015-7413 (CCN-107570) | ||||||||
| Assigned: | 2015-11-27 | ||||||||
| Published: | 2015-11-27 | ||||||||
| Updated: | 2017-09-14 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||||||
| CVSS v3 Severity: | 6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-7413 Source: AIXAPAR Type: UNKNOWN PI50844 Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21970176 Source: CCN Type: IBM Security Bulletin 1970176 (WebSphere Portal) Fix Available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2015-4993, CVE-2015-4998, CVE-2015-5001, CVE-2015-7413) Source: SECTRACK Type: UNKNOWN 1034284 Source: XF Type: UNKNOWN ibm-websphere-cve20157413-xss(107570) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||