CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8917
https://notcve.org/view.php?id=CVE-2014-8917
28 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (tamb... • http://secunia.com/advisories/62590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0830
https://notcve.org/view.php?id=CVE-2014-0830
01 Feb 2014 — Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. Vulnerabilidad de salto de directorio en la implementación de table-export en el componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 y 2.1 anterior a 2.1.0.1 permite a usuarios remotos autenticados leer archivos arbitrarios a... • http://www-01.ibm.com/support/docview.wss?uid=swg21662714 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •