This script is Copyright (C) 2014 Tenable Network Security, Inc.
An application hosted on the remote web server has multiple
The version of IBM WebSphere Portal on the remote host is affected by
multiple cross-site scripting (XSS) vulnerabilities :
- An XSS vulnerability exists in the Web Content Manager
user interface. (CVE-2014-0828)
- An XSS vulnerability exists in the Social Rendering
feature of the IBM Connections integration.
An attacker could exploit these vulnerabilities to execute code in the
security context of a user's browser to steal authentication cookies.
See also :
IBM has published a cumulative fix for WebSphere Portal 18.104.22.168
(CF11). Refer to IBM's advisory for more information.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true