Lucene search
HistoryNov 26, 2014 - 2:59 a.m.
CVE-2014-6093
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
48.5%
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected configurations
Node
ibmwebsphere_portalRange≤7.0.0.2cf28
ORibmwebsphere_portalRange≤8.0.0.114
ORibmwebsphere_portalRange≤8.5.0.0cf01
ORibmwebsphere_portalMatch7.0.0.0
ORibmwebsphere_portalMatch7.0.0.1
ORibmwebsphere_portalMatch8.0.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_portal | * | cpe:2.3:a:ibm:websphere_portal:*:cf28:*:*:*:*:*:* |
| ibm | websphere_portal | * | cpe:2.3:a:ibm:websphere_portal:*:14:*:*:*:*:*:* |
| ibm | websphere_portal | * | cpe:2.3:a:ibm:websphere_portal:*:cf01:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.0 | cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:* |
| ibm | websphere_portal | 8.0.0.0 | cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2014-11-26 02:59:00
cve
cve
CVE-2014-6093
2014-11-26 02:59:00
cvelist
cvelist
CVE-2014-6093
2014-11-26 02:00:00
nessus
nessus
IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities
2014-11-12 00:00:00
IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
2014-12-03 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
48.5%
Related for NVD:CVE-2014-6093