cpe:/a:ibm:websphere_application_server:7.0 cpe:/a:ibm:websphere_application_server:8.0 cpe:/a:ibm:websphere_application_server:8.5 cpe:/a:ibm:websphere_application_server:9.0 CVE-2018-1793 2018-10-03T10:29:00.433-04:00 2019-10-09T19:39:06.463-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1041801 CONFIRM https://www.ibm.com/support/docview.wss?uid=ibm10729563 XF ibm-websphere-cve20181793-xss(148948) IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.