Published on 07/14/15 - Updated on 09/22/17
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 188.8.131.52 CF27, 6.1.5 through 184.108.40.206 CF27, 7.0.0 through 220.127.116.11 CF29, 8.0.0 before 18.104.22.168 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
No exploits available for this CVE in our database.