2 results (0.025 seconds)

CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2015-5002

https://notcve.org/view.php?id=CVE-2015-5002

18 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Host On-Demand 11.0 hasta la versión 11.0.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21973985 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 4%CPEs: 101EXPL: 1

CVE-2013-4002 – OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

https://notcve.org/view.php?id=CVE-2013-4002

23 Jul 2013 — XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute... • https://github.com/tafamace/CVE-2013-4002 • CWE-20: Improper Input Validation •