CVE-2017-1189

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 45.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Portal

Timeline

PublishedSep 7

Latest updateMay 17

Description

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDibm/websphere_portal17 versions+16

🔴Vulnerability Details

GHSA

GHSA-r6q9-xj5x-4f49: IBM WebSphere Portal and Web Content Manager 6↗2022-05-17

▶

CVEList

CVE-2017-1189: IBM WebSphere Portal and Web Content Manager 6↗2017-09-07

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation_ ExtendedLimitInformation)' Kernel Stack Memory Disclosure↗2017-06-22

▶