PT-2012-2028 · Dojo Foundation+1 · Dojo+1

Published: 2012-01-03 · Updated: 2017-08-29 · CVE-2011-5048

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: IBM Web Experience Factory versions 7.0 through 7.0.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML via a text INPUT element or TEXTAREA element, related to an interaction between Smart Refresh and Dojo. This can be exploited to conduct cross-site scripting (XSS) attacks.

Recommendations: For IBM Web Experience Factory versions 7.0 through 7.0.1, consider disabling the Smart Refresh feature as a temporary workaround until a patch is available. Restrict access to TEXTAREA and INPUT elements to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2011-5048

Affected Products

Dojo
IBM Web Experience Factory