What is the severity of CVE-2016-2925?

CVE-2016-2925 is considered a medium severity vulnerability due to the potential for XSS attacks by an authenticated user.

How do I fix CVE-2016-2925?

To fix CVE-2016-2925, it's recommended to apply the latest patches provided by IBM for the affected versions of WebSphere Portal.

Which versions of IBM WebSphere Portal are affected by CVE-2016-2925?

CVE-2016-2925 affects IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6, 6.1.5.x through 6.1.5.3, 7.x through 7.0.0.2, 8.0.0.x through 8.0.0.1, and 8.5.0 before CF10.

What type of attack can occur due to CVE-2016-2925?

CVE-2016-2925 allows for cross-site scripting (XSS) attacks, enabling remote authenticated users to inject arbitrary web scripts or HTML.

Who is primarily affected by CVE-2016-2925?

The primary affected users of CVE-2016-2925 are those using IBM WebSphere Portal where authenticated users can exploit the vulnerability.

Vulnerability/
CVE-2016-2925

medium

5.4

CWE

8/8/2016

5/8/2024

CVE-2016-2925: XSS

First published: Mon Aug 08 2016(Updated: )

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Portal	=6.1.0.0
IBM WebSphere Portal	=6.1.0.1
IBM WebSphere Portal	=6.1.0.2
IBM WebSphere Portal	=6.1.0.3
IBM WebSphere Portal	=6.1.0.4
IBM WebSphere Portal	=6.1.0.5
IBM WebSphere Portal	=6.1.0.6
IBM WebSphere Portal	=6.1.5.0
IBM WebSphere Portal	=6.1.5.1
IBM WebSphere Portal	=6.1.5.2
IBM WebSphere Portal	=6.1.5.3
IBM WebSphere Portal	=7.0.0.0
IBM WebSphere Portal	=7.0.0.1
IBM WebSphere Portal	=7.0.0.2
IBM WebSphere Portal	=8.0.0.0
IBM WebSphere Portal	=8.0.0.1
IBM WebSphere Portal	=8.5.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-2925?
CVE-2016-2925 is considered a medium severity vulnerability due to the potential for XSS attacks by an authenticated user.
How do I fix CVE-2016-2925?
To fix CVE-2016-2925, it's recommended to apply the latest patches provided by IBM for the affected versions of WebSphere Portal.
Which versions of IBM WebSphere Portal are affected by CVE-2016-2925?
CVE-2016-2925 affects IBM WebSphere Portal versions 6.1.0.x through 6.1.0.6, 6.1.5.x through 6.1.5.3, 7.x through 7.0.0.2, 8.0.0.x through 8.0.0.1, and 8.5.0 before CF10.
What type of attack can occur due to CVE-2016-2925?
CVE-2016-2925 allows for cross-site scripting (XSS) attacks, enabling remote authenticated users to inject arbitrary web scripts or HTML.
Who is primarily affected by CVE-2016-2925?
The primary affected users of CVE-2016-2925 are those using IBM WebSphere Portal where authenticated users can exploit the vulnerability.

agent/references
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere portal
version/ibm websphere portal/6.1.0.0
version/ibm websphere portal/6.1.0.1
version/ibm websphere portal/6.1.0.2
version/ibm websphere portal/6.1.0.3
version/ibm websphere portal/6.1.0.4
version/ibm websphere portal/6.1.0.5
version/ibm websphere portal/6.1.0.6
version/ibm websphere portal/6.1.5.0
version/ibm websphere portal/6.1.5.1
version/ibm websphere portal/6.1.5.2
version/ibm websphere portal/6.1.5.3
version/ibm websphere portal/7.0.0.0
version/ibm websphere portal/7.0.0.1
version/ibm websphere portal/7.0.0.2
version/ibm websphere portal/8.0.0.0
version/ibm websphere portal/8.0.0.1
version/ibm websphere portal/8.5.0.0