Vulnerabilities > IBM > Websphere Portal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-27 | CVE-2018-1660 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-09-27 | CVE-2018-1820 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-07-11 | CVE-2013-2951 | Credentials Management vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. | 2.1 |
| 2018-04-17 | CVE-2018-1445 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2018-03-14 | CVE-2018-1444 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-12-11 | CVE-2017-1536 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. | 3.5 |
| 2016-08-08 | CVE-2016-2925 | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2016-02-29 | CVE-2015-7491 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2015-07-14 | CVE-2015-1944 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2015-03-13 | CVE-2015-0139 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |