CVE-2014-0953 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2014-0953

Modified

More Info Official Page

Source-psirt@us.ibm.com

Published At-12 Aug, 2014 | 05:01

Updated At-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

IBM Corporation

>>websphere_portal>>6.1.0.0

cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.1

cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.2

cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.3

cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.4

cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.5

cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.0.6

cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.5.0

cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.5.1

cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.5.2

cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>6.1.5.3

cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>7.0.0.0

cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>7.0.0.1

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>7.0.0.2

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_portal>>8.0.0.0

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21680230	psirt@us.ibm.com	Patch Vendor Advisory
http://www.securitytracker.com/id/1030669	psirt@us.ibm.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/92626	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21680230	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securitytracker.com/id/1030669	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/92626	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680230

Source: psirt@us.ibm.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securitytracker.com/id/1030669

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/92626

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680230

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securitytracker.com/id/1030669

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/92626

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A