Vulnerabilities > IBM > Websphere Portal > 7.0.0.2

DATE CVE VULNERABILITY TITLE RISK
2013-11-13 CVE-2013-5379 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.
network
ibm CWE-79
3.5
3.5
2013-08-16 CVE-2013-0587 Cross-Site Scripting vulnerability in IBM Websphere Portal
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme.
network
ibm CWE-79
4.3
4.3
2013-06-03 CVE-2013-2950 Code Injection vulnerability in IBM Websphere Portal
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
ibm CWE-94
3.5
3.5
2013-06-03 CVE-2013-0549 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2012-11-30 CVE-2012-4834 Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0.0.0
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
network
low complexity
ibm CWE-22
5.0
5.0
2012-07-03 CVE-2012-2181 Path Traversal vulnerability in IBM Websphere Portal 7.0.0.1/7.0.0.2/8.0
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
network
low complexity
ibm CWE-22
5.0
5.0