Vulnerabilities > IBM > Websphere Portal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-1120 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5/9.0 IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-01 | CVE-2016-8922 | Cross-site Scripting vulnerability in IBM products Exphox WebRadar is vulnerable to cross-site scripting. | 6.1 |
| 2016-09-12 | CVE-2016-5954 | Improper Access Control vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | 6.5 |
| 2016-08-08 | CVE-2016-2925 | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-29 | CVE-2016-0245 | Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.4 |
| 2016-02-29 | CVE-2016-0244 | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. | 6.1 |
| 2016-02-29 | CVE-2016-0243 | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244. | 6.1 |
| 2016-02-29 | CVE-2015-7491 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-29 | CVE-2015-7457 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-27 | CVE-2016-0209 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |