CVE-2009-4152 Information

Description

Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.

Reference

http://secunia.com/advisories/37526 http://www.securityfocus.com/bid/37159 http://www.vupen.com/english/advisories/2009/3367 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429 http://www-01.ibm.com/support/docview.wss?uid=swg27014411