CVE-2015-1917

Sažetak

Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Reference

http://www.securityfocus.com/bid/75479
http://www.securitytracker.com/id/1032970
http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732
http://www-01.ibm.com/support/docview.wss?uid=swg21958024

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

22-09-2017 - 01:29

Objavljeno

14-07-2015 - 14:59