CVE-2017-1303

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal and Web Content Manager versions 7.0 through 9.0

Description The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This is due to insufficient protection of the web page structure, which can be exploited by a remote attacker to gain access to account credentials by injecting arbitrary JavaScript code into the Web UI during a trusted session.

Recommendations For versions 7.0 through 9.0, update to a version that includes fixes for this issue to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.