SynopsisThe web portal software installed on the remote Windows host is affected by a cross-site scripting vulnerability.
DescriptionThe version of IBM WebSphere Portal installed on the remote Windows host is 8.0.0.x prior to 188.8.131.52 CF22. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
SolutionUpgrade to IBM WebSphere Portal 184.108.40.206 Cumulative Fix 22 (CF22) and apply Interim Fix PI80564 or later.