This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Windows host has web portal software installed that is
affected by multiple cross-site scripting vulnerabilities.
The version of IBM WebSphere Portal on the remote host is affected by
multiple cross-site scripting (XSS) vulnerabilities :
- An XSS vulnerability exists in the Web Content Manager
user interface. (CVE-2014-0828)
- An XSS vulnerability exists in the Social Rendering
feature of the IBM Connections integration.
An attacker can exploit these vulnerabilities to execute code in the
security context of a user's browser to steal authentication cookies.
See also :
IBM has published a cumulative fix for WebSphere Portal 18.104.22.168
(CF11). Refer to IBM's advisory for more information.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true