5 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (también conocido como upload.swf), (2) dojox/form/resources/fileuploader.swf (también conocido como fileupload.swf), (3) dojox/av/resources/audio.swf, y (4) dojox/av/resources/video.swf en el juego de herramientas de IBM Dojo, utilizado en IBM Social Media Analytics 1.3 anterior a IF11 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62590 http://secunia.com/advisories/62837 http://www-01.ibm.com/support/docview.wss?uid=swg21694693 http://www-01.ibm.com/support/docview.wss?uid=swg21696013 http://www.securityfocus.com/bid/72903 http://www.securitytracker.com/id/1032376 https://exchange.xforce.ibmcloud.com/vulnerabilities/99303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. El componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 no fuerza apropiadamente los requisitos de la intervención del operador, lo cual permite a usuarios remotos autenticados evadir restricciones de acceso a través de una etapa del proceso no especificada. • http://osvdb.org/102767 http://www-01.ibm.com/support/docview.wss?uid=swg21662714 https://exchange.xforce.ibmcloud.com/vulnerabilities/90612 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. Vulnerabilidad de CSRF en el componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para peticiones que modifican datos de configuración. • http://osvdb.org/102766 http://www-01.ibm.com/support/docview.wss?uid=swg21662714 https://exchange.xforce.ibmcloud.com/vulnerabilities/90585 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. Vulnerabilidad de salto de directorio en la implementación de table-export en el componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 y 2.1 anterior a 2.1.0.1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de una ruta modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21662714 https://exchange.xforce.ibmcloud.com/vulnerabilities/90584 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value. Múltiples vulnerabilidades XSS en las pantallas de detalle de configuración del componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrario a través de un valor de texto manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21662714 https://exchange.xforce.ibmcloud.com/vulnerabilities/90586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •