CVE-2014-8902 in WebSphere Portalinfo

Summary

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/14/2014

Disclosure

12/18/2014

Status

Confirmed

Entries

CVSS

4.3

EPSS

0.00266

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-8902
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8902
CVE Details	https://www.cvedetails.com/cve/CVE-2014-8902/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!