Published on 14/07/15 - Updated on 22/09/17
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 18.104.22.168 CF27, 6.1.5 through 22.214.171.124 CF27, 7.0.0 through 126.96.36.199 CF29, 8.0.0 before 188.8.131.52 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
No exploits available for this CVE in our database.