Vulnerability Details CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/101269
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345
- http://www-01.ibm.com/support/docview.wss?uid=swg21660011
- http://www.securityfocus.com/bid/64495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88909
- http://osvdb.org/101269
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345
- http://www-01.ibm.com/support/docview.wss?uid=swg21660011
- http://www.securityfocus.com/bid/64495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88909
Products affected by CVE-2013-6328
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.0
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.1
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.2
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.3
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.4
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.5
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.6
-
cpe:2.3:a:ibm:websphere_portal:6.1.5.0
-
cpe:2.3:a:ibm:websphere_portal:6.1.5.1
-
cpe:2.3:a:ibm:websphere_portal:6.1.5.2
-
cpe:2.3:a:ibm:websphere_portal:6.1.5.3
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.0
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.1
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.2
-
cpe:2.3:a:ibm:websphere_portal:8.0.0.0
-
cpe:2.3:a:ibm:websphere_portal:8.0.0.1