CVE-2014-8909

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5.x through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0.0.x through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.0.x before 8.0.0.1 CF15 IBM WebSphere Portal versions 8.5.0 before CF05

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can be achieved by manipulating the URL in a way that injects malicious scripts or HTML code.

Recommendations For versions 6.1.0.x through 6.1.0.6 CF27, update to a version after 6.1.0.6 CF27. For versions 6.1.5.x through 6.1.5.3 CF27, update to a version after 6.1.5.3 CF27. For versions 7.0.0.x through 7.0.0.2 CF29, update to a version after 7.0.0.2 CF29. For versions 8.0.0.x before 8.0.0.1 CF15, update to 8.0.0.1 CF15 or later. For versions 8.5.0 before CF05, update to CF05 or later.