CVE-2016-0243

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5.x through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.x through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.x before 8.0.0.1 CF20 IBM WebSphere Portal versions 8.5.x before 8.5.0.0 CF09

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This occurs due to insufficient protection of the web page structure, enabling a remote attacker to embed arbitrary web or HTML code using a specially formed URL.

Recommendations For versions 6.1.0.x through 6.1.0.6 CF27, update to a version after 6.1.0.6 CF27. For versions 6.1.5.x through 6.1.5.3 CF27, update to a version after 6.1.5.3 CF27. For versions 7.x through 7.0.0.2 CF29, update to a version after 7.0.0.2 CF29. For versions 8.0.x before 8.0.0.1 CF20, update to 8.0.0.1 CF20 or later. For versions 8.5.x before 8.5.0.0 CF09, update to 8.5.0.0 CF09 or later.