CVE-2015-1944

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 8.0.0 through 8.0.0.1 CF16 IBM WebSphere Portal versions 8.5.0 through 8.5.0 CF05

Description The issue exists due to insufficient protection of the web page structure. It allows a remote attacker to inject arbitrary web or HTML code using a specially crafted URL. This is a cross-site scripting (XSS) issue, which can be exploited by remote authenticated users.

Recommendations For IBM WebSphere Portal versions 8.0.0 through 8.0.0.1 CF16, update to version 8.0.0.1 CF17 or later. For IBM WebSphere Portal versions 8.5.0 through 8.5.0 CF05, update to version 8.5.0 CF06 or later.