Unrated severity · NVD Advisory · Published Feb 25, 2010 · Updated Apr 29, 2026

CVE-2010-0704

Description

Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A cross-site scripting vulnerability in the Portlet Palette search field of IBM WebSphere Portal 6.0.1.5 allows authenticated attackers to inject arbitrary web script or HTML.

Vulnerability

The Portlet Palette component in IBM WebSphere Portal version 6.0.1.5 (wp6015_008_01) is susceptible to a cross-site scripting (XSS) vulnerability in the search field. The application fails to properly sanitize user-supplied input before reflecting it back to the browser, allowing an attacker to inject arbitrary web script or HTML [1].

Exploitation

To exploit this vulnerability, an attacker must be an authenticated user of the WebSphere Portal. The attacker crafts a malicious search query containing JavaScript or HTML payloads and submits it via the Portlet Palette search field; the input is then executed in the context of the victim's session when the results are displayed [1].

Impact

Successful exploitation enables an authenticated attacker to execute arbitrary web script or HTML in the browser of another authenticated user. This can lead to session hijacking, defacement of the portal interface, or theft of sensitive information within the portal's security context [1].

Mitigation

IBM has released a fix as documented in APAR PM05829, applicable to WebSphere Portal version 6.0.1.5 (component level R60J PSY UP). Administrators should apply the provided patch to remediate the vulnerability. No workarounds are mentioned in the available references [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:ibm:websphere_portal:6.0.1.5:wp6015_008_01:*:*:*:*:*:*
  • (no CPE) range: =6.0.1.5 wp6015_008_01

References

2