Vulnerabilities > IBM > Websphere Portal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-05-26 | CVE-2011-2173 | Resource Management Errors vulnerability in IBM Websphere Portal 6.0.1.7/7.0.0.1 The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. | 4.0 |
| 2011-05-26 | CVE-2011-2172 | Cross-Site Scripting vulnerability in IBM Websphere Portal 7.0.0.1 Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-01-28 | CVE-2011-0679 | Information Exposure vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." | 5.0 |
| 2010-11-09 | CVE-2010-4219 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.1 Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-04-12 | CVE-2010-1348 | Security vulnerability in IBM WebSphere Portal Login Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. | 7.5 |
| 2010-02-26 | CVE-2010-0715 | Remote Security vulnerability in Websphere Portal Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. network ibm | 6.8 |
| 2010-02-26 | CVE-2010-0714 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2010-02-25 | CVE-2010-0704 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.0.1.5 Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. | 4.3 |
| 2009-12-02 | CVE-2009-4153 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory. | 7.5 |
| 2009-12-02 | CVE-2009-4152 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | 4.3 |