4.3
CVE-2014-0952
- EPSS 0.27%
- Published 22.05.2014 11:14:14
- Last modified 12.04.2025 10:46:40
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Websphere Portal Version6.1.0.0
Ibm ≫ Websphere Portal Version6.1.0.1
Ibm ≫ Websphere Portal Version6.1.0.2
Ibm ≫ Websphere Portal Version6.1.0.3
Ibm ≫ Websphere Portal Version6.1.0.4
Ibm ≫ Websphere Portal Version6.1.0.5
Ibm ≫ Websphere Portal Version6.1.0.6
Ibm ≫ Websphere Portal Version6.1.0.6 Updatecf27
Ibm ≫ Websphere Portal Version6.1.5.0
Ibm ≫ Websphere Portal Version6.1.5.1
Ibm ≫ Websphere Portal Version6.1.5.2
Ibm ≫ Websphere Portal Version6.1.5.3
Ibm ≫ Websphere Portal Version6.1.5.3 Updatecf27
Ibm ≫ Websphere Portal Version7.0.0.0
Ibm ≫ Websphere Portal Version7.0.0.0 Updatecf001
Ibm ≫ Websphere Portal Version7.0.0.1
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf002
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf003
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf004
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf005
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf006
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf007
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf008
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf009
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf010
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf019
Ibm ≫ Websphere Portal Version7.0.0.2
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf011
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf012
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf013
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf014
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf015
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf016
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf017
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf018
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf019
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf020
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf021
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf022
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf23
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf24
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf25
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf26
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf27
Ibm ≫ Websphere Portal Version8.0.0.0
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf01
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf02
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf03
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf04
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf05
Ibm ≫ Websphere Portal Version8.0.0.1
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf04
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf05
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf07
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf08
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf09
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf10
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.471 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.