CVE-2014-6214
https://notcve.org/view.php?id=CVE-2014-6214
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987 http://www-01.ibm.com/support/docview.wss?uid=swg21697213 http://www.securitytracker.com/id/1031880 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-0139
https://notcve.org/view.php?id=CVE-2015-0139
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329 http://www-01.ibm.com/support/docview.wss?uid=swg21697213 http://www.securitytracker.com/id/1031880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0177
https://notcve.org/view.php?id=CVE-2015-0177
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228 http://www-01.ibm.com/support/docview.wss?uid=swg21697213 http://www.securitytracker.com/id/1031880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8902
https://notcve.org/view.php?id=CVE-2014-8902
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Portlet de Blog en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956 http://www-01.ibm.com/support/docview.wss?uid=swg21692107 https://exchange.xforce.ibmcloud.com/vulnerabilities/99150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6171
https://notcve.org/view.php?id=CVE-2014-6171
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de URL manipuladas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134 http://www-01.ibm.com/support/docview.wss?uid=swg21692107 https://exchange.xforce.ibmcloud.com/vulnerabilities/98383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •