CVE-2015-1908

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0.0 through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.0 before 8.0.0.1 CF16 IBM WebSphere Portal versions 8.5.0 through CF05

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This affects products that use Web Content Manager.

Recommendations For versions 6.1.0 through 6.1.0.6 CF27, update to a version outside of this range to mitigate the risk. For versions 6.1.5 through 6.1.5.3 CF27, update to a version outside of this range to mitigate the risk. For versions 7.0.0 through 7.0.0.2 CF29, update to a version outside of this range to mitigate the risk. For versions 8.0.0 before 8.0.0.1 CF16, update to version 8.0.0.1 CF16 or later to mitigate the risk. For versions 8.5.0 through CF05, update to a version outside of this range to mitigate the risk.