CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6093
https://notcve.org/view.php?id=CVE-2014-6093
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/59752 http://secunia.com/advisories/60912 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678 http://www-01.ibm.com/support/docview.wss?uid=swg21689849 http://www.securitytracker.com/id/1031359 https://exchange.xforce.ibmcloud.com/vulnerabilities/95921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 62EXPL: 0CVE-2013-0587
https://notcve.org/view.php?id=CVE-2013-0587
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, o (4) PortalWeb2. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 http://www-01.ibm.com/support/docview.wss?uid=swg21646618 https://exchange.xforce.ibmcloud.com/vulnerabilities/84345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2008-5675
https://notcve.org/view.php?id=CVE-2008-5675
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." Vulnerabilidad inespecifica en IBM WebSphere Portal v6.0 anteriores a v6.0.1.5 tiene un impacto desconocido y vectores de ataque relacionados con "problemas de acceso con BasicAuthTAI". • http://secunia.com/advisories/33132 http://www-01.ibm.com/support/docview.wss?uid=swg27007603 http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304 http://www.osvdb.org/50720 http://www.vupen.com/english/advisories/2008/3427 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2007-3127 – WSPortal 1.0 - 'content.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos obtener información sensible mediante una secuencia "';" (comilla simple, punto y coma) en el parámetro page, lo cual revela la ruta de instalación en el mensaje de SQL forzado resultante. • https://www.exploit-db.com/exploits/30197 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html http://www.netvigilance.com/advisory0032 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471619/100/0/threaded http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34894 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3128
https://notcve.org/view.php?id=CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en content.php de WSPortal 1.0, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. WSportal version 1.0 suffers from a SQL injection vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html http://www.netvigilance.com/advisory0033 http://www.osvdb.org/34164 http://www.securityfocus.com/archive/1/471629/100/0/threaded http://www.securityfocus.com/bid/24513 http://www.vupen.com/english/advisories/2007/2237 https://exchange.xforce.ibmcloud.com/vulnerabilities/34896 •