PM36644: SEARCH CENTER - CROSS SITE SCRITPING VULNERABILITY

6.1.0.6 Download: WebSphere Portal and WCM V6.1.0 fix pack 6
7.0.0.2 Download: WebSphere Portal and WCM V7.0 fix pack 2
Fixes integrated in WebSphere Portal 7.0.0.1 & 7.0.0.2 Combined Cumulative Fixes

APAR status

• Closed as program error.

Error description

• Steps to recreate.
  
  1. In search centre form in search centre  portlet, one hidden
  variable as mentioned below can be found.
  
   Original tag: <input type="hidden"
  value="com.ibm.lotus.search.ALL_SOURCES" name="scope"
  dojoattachpoint="scope"/>
  
  
  2. Edit it to value
  
   Modifed Tag: <input type="hidden"
  value="com.ibm.lotus.search.ALL_SOURCES&quot;+alert('This is
  embedded alert')+&quot;" name="scope" dojoattachpoint="scope"/>
  
  3. Alert can be seen.
  
  Using firebug in fire fox or developer tool in IE8, you can
  modify the html.
  

Local fix

Problem summary

• A code fix for this issue is integrated into the 7.0.0.1
  Combined Cumulative Fix 004 (PM37009) which is available from
  Fix Central:
  
  http://www.ibm.com/eserver/support/fixes/fixcentral/swg/quickord
  er?productid=WebSphere%20Portal&brandid=5&apar=PM37009
  
  You might need to type or paste the complete address into your
  Web browser.
  

Problem conclusion

• A code fix for this issue is integrated into the 7.0.0.1
  Combined Cumulative Fix 004 (PM37009) which is available from
  Fix Central:
  
  http://www.ibm.com/eserver/support/fixes/fixcentral/swg/quickord
  er?productid=WebSphere%20Portal&brandid=5&apar=PM37009
  
  You might need to type or paste the complete address into your
  Web browser.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WEBSPHERE PORTA

• Fixed component ID

  5724E7600

Applicable component levels

• R700 PSY

     UP