Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists that is triggered when     handling a specially crafted request. An     unauthenticated, remote attacker can exploit this to     inject arbitrary LDAP content and view, add, modify or     delete information in the user repository.
    (CVE-2015-7472)

  - An XXE (XML external entity) injection vulnerability     exists due to an incorrectly configured XML parser     accepting XML external entities from an untrusted     source. An unauthenticated, remote attacker can exploit     this, via specially crafted XML data, to cause a denial     of service condition or disclose sensitive information.
    (CVE-2016-0245)

  - A cross-site scripting (XSS) vulnerability exists due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via a     specially crafted request, to execute arbitrary script     code in a user's browser session. (CVE-2016-2925)

The version of IBM WebSphere Portal installed on the remote Windows host is 8.0.0.x prior to 8.0.0.1 CF21. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting (XSS) vulnerability exists due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via a     specially crafted request, to execute arbitrary script     code in a user's browser session. (CVE-2016-2925)

  - An information disclosure vulnerability exists due to     a failure to set the 'Secure' flag for cookies     transmitted via WAB forwarding, resulting in the     information being transmitted in cleartext. A     man-in-the-middle attacker can exploit this to disclose     sensitive information.

  - An information disclose vulnerability exists in the     portal model REST feeds due to exposing version     information. An unauthenticated, remote attacker can     exploit this to disclose sensitive version information.

The version of IBM WebSphere Portal installed on the remote host is 6.1.5.x prior to 6.1.5.3 CF27. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2016-2925)

The version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2016-2925)

ID	Name	Product	Family	Severity
93027	IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities	Nessus	CGI abuses	high
93026	IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF21 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78740	IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78739	IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2016-2925

medium

Tenable Plugins

high

medium

medium

medium