Unrated severityNVD Advisory· Published Jan 3, 2012· Updated Jun 16, 2026
CVE-2011-5048
CVE-2011-5048
Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo.
Affected products
3cpe:2.3:a:ibm:web_experience_factory:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:web_experience_factory:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:web_experience_factory:7.0.1:*:*:*:*:*:*:*
- (no CPE)range: <=7.0.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.