| Vulnerability Name: | CVE-2016-0244 (CCN-110445) | ||||||||||||
| Assigned: | 2015-12-08 | ||||||||||||
| Published: | 2016-02-23 | ||||||||||||
| Updated: | 2016-03-03 | ||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. Appropriate Vendor Advisory Link: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21976358">HERE</a> | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-0244 Source: AIXAPAR Type: UNKNOWN PI55327 Source: CONFIRM Type: UNKNOWN http://www.ibm.com/support/docview.wss?uid=swg21975358 Source: CCN Type: IBM Security Bulletin 1976358 (WebSphere Portal) Fixes available for Security Vulnerabilities in IBM WebSphere Portal Source: XF Type: UNKNOWN ibm-websphere-cve20160244-xss(110445) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||