CVE-2015-1917

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0.0 through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.0 through 8.0.0 before 8.0.0.1 CF17 IBM WebSphere Portal versions 8.5.0 before CF06

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Active Content Filtering component. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. The vulnerability exists due to insufficient protection of the web page structure, which can be exploited by a remote attacker to inject malicious code.

Recommendations For versions 6.1.0 through 6.1.0.6 CF27, update to a version outside of this range to mitigate the risk. For versions 6.1.5 through 6.1.5.3 CF27, update to a version outside of this range to mitigate the risk. For versions 7.0.0 through 7.0.0.2 CF29, update to a version outside of this range to mitigate the risk. For versions 8.0.0 before 8.0.0.1 CF17, update to 8.0.0.1 CF17 or later to resolve the issue. For versions 8.5.0 before CF06, update to CF06 or later to resolve the issue.