CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2013-5418
https://notcve.org/view.php?id=CVE-2013-5418
16 Nov 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola Administrative de IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a usuarios remotos autenticados inyectar scrip... • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 87EXPL: 0CVE-2013-4053
https://notcve.org/view.php?id=CVE-2013-4053
20 Sep 2013 — The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. La implementación WS-Security en IBM WebSphere Application (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteri... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2013-0596
https://notcve.org/view.php?id=CVE-2013-0596
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la consola administrativa en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM73445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 68EXPL: 0CVE-2013-4052
https://notcve.org/view.php?id=CVE-2013-4052
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 73EXPL: 0CVE-2013-4005
https://notcve.org/view.php?id=CVE-2013-4005
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 72EXPL: 0CVE-2013-2967
https://notcve.org/view.php?id=CVE-2013-2967
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0, permi... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM78614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 72EXPL: 0CVE-2013-2976
https://notcve.org/view.php?id=CVE-2013-2976
21 Aug 2013 — The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. La consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 no realiza correctamente el almacenamiento en caché, lo que permit... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 73EXPL: 0CVE-2013-3029
https://notcve.org/view.php?id=CVE-2013-3029
21 Aug 2013 — Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad CSRF (Cross-site request forgery) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2013-0597
https://notcve.org/view.php?id=CVE-2013-0597
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 cuando se utiliza OAuth, permite a usuarios remotos autenticados inyectar secuenci... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85834 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2013-1777 – Apache Geronimo 3 RMI Classloader Exposure
https://notcve.org/view.php?id=CVE-2013-1777
01 Jul 2013 — The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. La funcionalidad JMX Remoting en Apache Geronimo versiones 3.x anteriores a 3.0.1, tal y como se usa en WebSphere Application Server (WAS) Community Edition de IBM versión 3.0.0.3... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •