CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2014-0929
https://notcve.org/view.php?id=CVE-2014-0929
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. Vulnerabilidad de CSRF en el componente Profiles en IBM Connections hasta 3.0.1.1 CR3 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan acciones 'seguir'. • http://secunia.com/advisories/59046 http://www-01.ibm.com/support/docview.wss?uid=swg1LO79622 http://www-01.ibm.com/support/docview.wss?uid=swg21668509 https://exchange.xforce.ibmcloud.com/vulnerabilities/92261 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0569
https://notcve.org/view.php?id=CVE-2013-0569
Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en el componente Comunities en IBM Connections v4.5 permite a atacantes remotos a inyectar código web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74629 http://www-01.ibm.com/support/docview.wss?uid=swg21635059 https://exchange.xforce.ibmcloud.com/vulnerabilities/83354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2011-5254 – Connections Business Directory < 0.7.1.6 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2011-5254
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. Vulnerabilidad sin especificar en el plugin Connections anterior a v0.7.1.6 para WordPress tiene un impacto y vectores de ataque desconocidos. The Connections plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 0.7.1.5 due to insufficient authorization checks. • http://secunia.com/advisories/47390 http://wordpress.org/extend/plugins/connections/changelog http://www.osvdb.org/78063 http://www.securityfocus.com/bid/51204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •