CVE-2014-0955

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
ibmwebsphere_portal
8.0.0.0
ibmwebsphere_portal
8.0.0.0:cf01
ibmwebsphere_portal
8.0.0.0:cf02
ibmwebsphere_portal
8.0.0.0:cf03
ibmwebsphere_portal
8.0.0.0:cf04
ibmwebsphere_portal
8.0.0.0:cf05
ibmwebsphere_portal
8.0.0.1
ibmwebsphere_portal
8.0.0.1:cf04
ibmwebsphere_portal
8.0.0.1:cf05
ibmwebsphere_portal
8.0.0.1:cf07
ibmwebsphere_portal
8.0.0.1:cf08
ibmwebsphere_portal
8.0.0.1:cf09
ibmwebsphere_portal
8.0.0.1:cf10
ibmwebsphere_portal
8.0.0.1:cf11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583
http://www-01.ibm.com/support/docview.wss?uid=swg21672572
https://exchange.xforce.ibmcloud.com/vulnerabilities/92628
http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583
http://www-01.ibm.com/support/docview.wss?uid=swg21672572
https://exchange.xforce.ibmcloud.com/vulnerabilities/92628