CVE-2011-2172

Published: May 26, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (3)

Products: Ibm: Websphere Portal

Ibm

1 product

Websphere Portal

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 7.0.0.1
Ibm Websphere Portal	Version 7.0.0.1 cf002
Ibm Websphere Portal	Version 7.0.0.1 cf003

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

http://osvdb.org/72500

Source: cve@mitre.org

http://secunia.com/advisories/44700

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009

Source: cve@mitre.org

http://www.ibm.com/support/docview.wss?uid=swg24029452

Source: cve@mitre.org

http://www.securityfocus.com/bid/47954

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/67594

Source: cve@mitre.org

http://osvdb.org/72500