CVE-2013-6328

EUVD-2013-6154
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_portal
6.1.0.0
ibmwebsphere_portal
6.1.0.1
ibmwebsphere_portal
6.1.0.2
ibmwebsphere_portal
6.1.0.3
ibmwebsphere_portal
6.1.0.4
ibmwebsphere_portal
6.1.0.5
ibmwebsphere_portal
6.1.0.6
ibmwebsphere_portal
6.1.5.0
ibmwebsphere_portal
6.1.5.1
ibmwebsphere_portal
6.1.5.2
ibmwebsphere_portal
6.1.5.3
ibmwebsphere_portal
7.0.0.0
ibmwebsphere_portal
7.0.0.1
ibmwebsphere_portal
7.0.0.2
ibmwebsphere_portal
8.0.0.0
ibmwebsphere_portal
8.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/101269
http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345
http://www-01.ibm.com/support/docview.wss?uid=swg21660011
http://www.securityfocus.com/bid/64495
https://exchange.xforce.ibmcloud.com/vulnerabilities/88909
http://osvdb.org/101269
http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345
http://www-01.ibm.com/support/docview.wss?uid=swg21660011
http://www.securityfocus.com/bid/64495
https://exchange.xforce.ibmcloud.com/vulnerabilities/88909