CVE-2010-0357

Name of the Vulnerable Software and Affected Versions IBM Lotus Web Content Management (WCM) versions 6.0.1.4 through 6.0.1.6 before iFix 32 IBM Lotus Web Content Management (WCM) versions 6.1.0.1 through 6.1.0.2 before iFix 24

Description A cross-site scripting (XSS) issue exists in the Login page of IBM Lotus Web Content Management (WCM) for WebSphere Portal, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Recommendations For versions 6.0.1.4 through 6.0.1.6, apply iFix 32 to resolve the issue. For versions 6.1.0.1 through 6.1.0.2, apply iFix 24 to resolve the issue.