CVE-2013-5379

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.

Published: Nov 13, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5379
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / websphere_portal	7.0.0.1	7.0.0.1.x
ibm / websphere_portal	8.0.0.1	8.0.0.1.x
ibm / websphere_portal	7.0.0.0	7.0.0.0.x
ibm / websphere_portal	8.0.0.0	8.0.0.0.x
ibm / websphere_portal	7.0.0.2	7.0.0.2.x

http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047
http://www-01.ibm.com/support/docview.wss?uid=swg21655635
https://exchange.xforce.ibmcloud.com/vulnerabilities/86930

Vulnerability Database

289,697

CVE-2013-5379