U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_portal:1.0
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2014-6093

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: November 25, 2014; 9:59:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-0587

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme.

Published: August 15, 2013; 9:55:15 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-5675

Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."

Published: December 18, 2008; 8:52:57 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3127

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.

Published: June 19, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-3128

SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.

Published: June 19, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM