Unrated severityNVD Advisory· Published Nov 26, 2014· Updated Jun 17, 2026
CVE-2014-6093
CVE-2014-6093
Description
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected products
7cpe:2.3:a:ibm:websphere_portal:*:14:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:ibm:websphere_portal:*:14:*:*:*:*:*:*range: <=8.0.0.1
- cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:*:cf01:*:*:*:*:*:*range: <=8.5.0.0
- cpe:2.3:a:ibm:websphere_portal:*:cf28:*:*:*:*:*:*range: <=7.0.0.2
- (no CPE)range: 7.0.x < 7.0.0.2 CF29; 8.0.x < 8.0.0.1 CF14; 8.5.x < 8.5.0 CF02
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.