CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2015-7439
https://notcve.org/view.php?id=CVE-2015-7439
Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en InfoSphere Data Architect (IDA), tal como es distribuido en IBM Rational Software Architect 8.5 hasta la versión 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 hasta la versión 9.5 y Rational Software Architect RealTime (RSART) 8.5 hasta la versión 9.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21972909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2009-4052
https://notcve.org/view.php?id=CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JSF Widget Library Runtime de IBM Rational Application Developer de WebSphere Software en versiones anteriores a la v7.0.0.10 y Rational Software Architect en versiones anteriores a la v7.0.0.10 permiten a los usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque que involucran (1) JSF Tree Control y (2) JavaScript Resource Servlet. • http://secunia.com/advisories/37442 http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 http://www-01.ibm.com/support/docview.wss?uid=swg27012378 http://www-01.ibm.com/support/docview.wss?uid=swg27012558 http://www.osvdb.org/60319 http://www.securityfocus.com/bid/37083 https://exchange.xforce.ibmcloud.com/vulnerabilities/54360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •