CVE-2014-6196

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmweb_experience_factory
6.1.5
ibmweb_experience_factory
7.0.1
ibmweb_experience_factory
7.0.1.1
ibmweb_experience_factory
7.0.1.2
ibmweb_experience_factory
7.0.1.3
ibmweb_experience_factory
7.0.1.4
ibmweb_experience_factory
8.0
ibmweb_experience_factory
8.0.0
ibmweb_experience_factory
8.0.0.1
ibmweb_experience_factory
8.0.0.2
ibmweb_experience_factory
8.0.0.3
ibmweb_experience_factory
8.5
ibmweb_experience_factory
8.5.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59546
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676
http://www-01.ibm.com/support/docview.wss?uid=swg21690018
https://exchange.xforce.ibmcloud.com/vulnerabilities/98608
http://secunia.com/advisories/59546
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676
http://www-01.ibm.com/support/docview.wss?uid=swg21690018
https://exchange.xforce.ibmcloud.com/vulnerabilities/98608