CVE-2010-0959
https://notcve.org/view.php?id=CVE-2010-0959
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebEditor/Authentication/LoginPage.aspx en IBM ENOVIA SmarTeam v5 permite a atacantes remotos inyectar código web o HTML a través del parámetro errMsg. • http://osvdb.org/62901 http://www.securityfocus.com/archive/1/509975/100/0/threaded http://www.securityfocus.com/bid/38612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0809
https://notcve.org/view.php?id=CVE-2009-0809
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object. El editor web en Dassault Systemes ENOVIA SmarTeam V5 anterior a la liberación 18 del Service Pack 8, y posiblemente CATIA y otros productos, permite a usuarios remotos autentificados leer la tarjeta de perfil de un objeto en el documento "class" a través de un enlace que es enviado desde el propietario del objeto documento. • http://secunia.com/advisories/34037 http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332 http://www.securityfocus.com/bid/33895 http://www.vupen.com/english/advisories/2009/0525 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4581
https://notcve.org/view.php?id=CVE-2008-4581
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. El Editor en IBM ENOVIA SmarTeam 5 antes de la versión 18 SP5 y la 19 antes de SP01, permite a usuarios remotamente autentificados evitar las restricciones de acceso previstas y leer objetos Document mediante la vista del proceso Workflow (también conocido como Flow Process). • http://secunia.com/advisories/32105 http://www-01.ibm.com/support/docview.wss?uid=swg27012567&aid=1 http://www-1.ibm.com/support/docview.wss?uid=swg1HD71425 http://www.securityfocus.com/bid/31748 https://exchange.xforce.ibmcloud.com/vulnerabilities/45943 • CWE-264: Permissions, Privileges, and Access Controls •