IBM WebSphere Portal XSS Vulnerability (CVE-2018-1673)
Medium Nessus Plugin ID 129002
SynopsisThe web portal application installed on remote Windows host is affected by a cross-site scripting vulnerability.
DescriptionThe version of IBM WebSphere Portal installed on the remote Windows host is affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
SolutionApply the appropriate fixes according to the vendor advisory.