The following advisory describes a Cross-Site Scripting (XSS) vulnerability found in WebSphere Portal version 18.104.22.168.
IBM WebSphere Portal products provide enterprise web portals that help companies deliver a highly-personalized, social experience for their customers. WebSphere Portal products give users a single point of access to the applications, services, information and social connections they need. These products help increase visitor response and reduce web operations cost while offering a range of capabilities to meet your business needs.
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
We notified IBM of the vulnerability back in September 2016, repeated attempts to re-establish contact and get some answer on the status of the patches for this vulnerability went unanswered. At this time there is no solution or workaround for this vulnerability.