CVE-2016-0243 Information

Description

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27 6.1.5.x through 6.1.5.3 CF27 7.x through 7.0.0.2 CF29 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL a different vulnerability than CVE-2016-0244.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.ibm.com/support/docview.wss?uid=swg21975358 http://www.securityfocus.com/bid/100572 http://www.securityfocus.com/bid/83488 http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1