CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2014-0929
https://notcve.org/view.php?id=CVE-2014-0929
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. Vulnerabilidad de CSRF en el componente Profiles en IBM Connections hasta 3.0.1.1 CR3 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan acciones 'seguir'. • http://secunia.com/advisories/59046 http://www-01.ibm.com/support/docview.wss?uid=swg1LO79622 http://www-01.ibm.com/support/docview.wss?uid=swg21668509 https://exchange.xforce.ibmcloud.com/vulnerabilities/92261 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0569
https://notcve.org/view.php?id=CVE-2013-0569
Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en el componente Comunities en IBM Connections v4.5 permite a atacantes remotos a inyectar código web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74629 http://www-01.ibm.com/support/docview.wss?uid=swg21635059 https://exchange.xforce.ibmcloud.com/vulnerabilities/83354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0503
https://notcve.org/view.php?id=CVE-2013-0503
Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el componente de marcadores en IBM Lotus Connections v4.0 antes CR3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182 http://www-01.ibm.com/support/docview.wss?uid=swg21634538 https://exchange.xforce.ibmcloud.com/vulnerabilities/82265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 http://secunia.com/advisories/43298 http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 http://www.ibm.com/support/docview.wss?uid=swg21462435 http://www.vupen.com/english/advisories/2011/0382 • CWE-264: Permissions, Privileges, and Access Controls •