CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2989
https://notcve.org/view.php?id=CVE-2016-2989
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el componente Connections Portlets 5.x en versiones anteriores a 5.0.2 para IBM WebSphere Portal permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21986393 http://www.securityfocus.com/bid/92344 http://www.securitytracker.com/id/1036498 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •