CVE-2013-6328

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5.x through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0.0.x through 7.0.0.2 CF26 IBM WebSphere Portal versions 8.0.0.x before 8.0.0.1 CF09

Description A cross-site scripting (XSS) issue exists in the Web Content Manager (WCM) UI, allowing remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

Recommendations For versions 6.1.0.x through 6.1.0.6 CF27, update to a version outside of this range to resolve the issue. For versions 6.1.5.x through 6.1.5.3 CF27, update to a version outside of this range to resolve the issue. For versions 7.0.0.x through 7.0.0.2 CF26, update to a version outside of this range to resolve the issue. For versions 8.0.0.x before 8.0.0.1 CF09, update to 8.0.0.1 CF09 or later to resolve the issue.