Lucene search
MitreCVE-2011-5048HistoryJan 03, 2012 - 7:55 p.m.
CVE-2011-5048
2012-01-0319:55:04
CWE-79
mitre
web.nvd.nist.gov
22
cve-2011-5048
xss vulnerabilities
ibm web experience factory
websphere portlet factory
smart refresh
dojo
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
65.5%
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo.
Affected configurations
Node
ibmweb_experience_factoryMatch7.0
ORibmweb_experience_factoryMatch7.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | web_experience_factory | 7.0 | cpe:2.3:a:ibm:web_experience_factory:7.0:*:*:*:*:*:*:* |
| ibm | web_experience_factory | 7.0.1 | cpe:2.3:a:ibm:web_experience_factory:7.0.1:*:*:*:*:*:*:* |
Related
openvas
openvas
IBM Web Experience Factory Multiple Cross Site Scripting Vulnerabilities
2012-01-19 00:00:00
IBM Web Experience Factory Multiple XSS Vulnerabilities
2012-01-19 00:00:00
prion
prion
Cross site scripting
2012-01-03 19:55:00
cvelist
cvelist
CVE-2011-5048
2012-01-03 19:00:00
nvd
nvd
CVE-2011-5048
2012-01-03 19:55:04
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
65.5%
Related for CVE-2011-5048