CVE-2014-8902

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0.0 through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.0 through 8.0.0.1 CF14 IBM WebSphere Portal versions 8.5.0 before CF04

Description A cross-site scripting (XSS) issue exists in the Blog Portlet of IBM WebSphere Portal, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.

Recommendations For versions 6.1.0 through 6.1.0.6 CF27, update to a version after CF27 to resolve the issue. For versions 6.1.5 through 6.1.5.3 CF27, update to a version after CF27 to resolve the issue. For versions 7.0.0 through 7.0.0.2 CF29, update to a version after CF29 to resolve the issue. For versions 8.0.0 through 8.0.0.1 CF14, update to a version after CF14 to resolve the issue. For versions 8.5.0 before CF04, update to CF04 or later to resolve the issue.