CVE-2016-2901

Publication date

2016-06-26 01:00:00

Family

ibm

State

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.