NVD

Id
33769  
Name
CVE-2014-6196  
Description
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-11-25  
Modified Date
2014-12-30  
Seq
2014-6196  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
175264 33769 CVE-2014-6196 LO82672  View
175265 33769 CVE-2014-6196 LO82673  View
175266 33769 CVE-2014-6196 LO82674  View
175267 33769 CVE-2014-6196 LO82675  View
175268 33769 CVE-2014-6196 LO82676  View
175269 33769 CVE-2014-6196 http://www-01.ibm.com/support/docview.wss?uid=swg21690018  View
175270 33769 CVE-2014-6196 ibm-wef-cve20146196-xss(98608)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16765 JVNDB-2014-005640 IBM Web Experience Factory におけるクロスサイトスクリプティングの脆弱性 WebSphere Dashboard Framework (WDF) および Lotus Widget Factory (LWF) で使用される IBM Web Experience Factory (WEF) には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-6196 73487 CVE-2014-6196 33769 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005640.html 2014-11-12 2014-11-27 View