CVE-2014-6196

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/59546
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676
http://www-01.ibm.com/support/docview.wss?uid=swg21690018	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98608
http://secunia.com/advisories/59546
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675
http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676
http://www-01.ibm.com/support/docview.wss?uid=swg21690018	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98608

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:web_experience_factory:6.1.5:::::::*
	cpe:2.3:a:ibm:web_experience_factory:7.0.1:::::::*
	cpe:2.3:a:ibm:web_experience_factory:7.0.1.1:::::::*
	cpe:2.3:a:ibm:web_experience_factory:7.0.1.2:::::::*
	cpe:2.3:a:ibm:web_experience_factory:7.0.1.3:::::::*
	cpe:2.3:a:ibm:web_experience_factory:7.0.1.4:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.0:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.0.0:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.0.0.1:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.0.0.2:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.0.0.3:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.5:::::::*
	cpe:2.3:a:ibm:web_experience_factory:8.5.0.1:::::::*

OR	cpe:2.3:a:ibm:lotus_widget_factory:-:::::::*
	cpe:2.3:a:ibm:websphere_dashboard_framework:-:::::::*

History

21 Nov 2024, 02:13

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/59546 -~~	() http://secunia.com/advisories/59546 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1LO82676 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21690018 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21690018 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/98608 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98608 -

Information

Published : 2014-11-26 02:59

Updated : 2024-11-21 02:13

NVD link : CVE-2014-6196

Mitre link : CVE-2014-6196

CVE.ORG link : CVE-2014-6196

JSON object : View

Products Affected

ibm

websphere_dashboard_framework
lotus_widget_factory
web_experience_factory

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10