CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3016
https://notcve.org/view.php?id=CVE-2013-3016
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. IBM WebSphere Portal v6.1, v7.0, y v8.0 permite a atacantes remotos acceder al directorio de usuario a través de una solicitud manipulada por un servlet, relacionado con la configuración "serveServletsByClassnameEnabled". • http://www-01.ibm.com/support/docview.wss?uid=swg21647344 https://exchange.xforce.ibmcloud.com/vulnerabilities/84350 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 62EXPL: 0CVE-2013-0587
https://notcve.org/view.php?id=CVE-2013-0587
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, o (4) PortalWeb2. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 http://www-01.ibm.com/support/docview.wss?uid=swg21646618 https://exchange.xforce.ibmcloud.com/vulnerabilities/84345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0CVE-2013-2950
https://notcve.org/view.php?id=CVE-2013-2950
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en IBM WebSphere Portal v6.1.0.x anterior a v6.1.0.3 CF26, v6.1.5.x anterior a v6.1.5 CF26, v7.0.0.x anterior a v7.0.0.2 CF21, y v8.0.0.x hasta v8.0.0.1 CF5 cuando la sustitución home (también conocida como uri.home.substitution) esta habilitada, permite a atacantes remotos autenticados inyectar cabeceras HTTP de su elección y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071 http://www-01.ibm.com/support/docview.wss?uid=swg21638864 https://exchange.xforce.ibmcloud.com/vulnerabilities/83618 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-0549
https://notcve.org/view.php?id=CVE-2013-0549
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad Cross-site scripting (XSS) en Web Content Manager - Web Content Viewer Portlet en el servidor IBM WebSphere Portal v7.0.0.x hasta v7.0.0.2 CF22 y v8.0.0.x hasta v8.0.0.1 CF5, cuando se utiliza la API IBM Portlet, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525 http://www-01.ibm.com/support/docview.wss?uid=swg21638984 https://exchange.xforce.ibmcloud.com/vulnerabilities/82762 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2011-2754
https://notcve.org/view.php?id=CVE-2011-2754
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en PageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a través de vectores no especificados. • http://secunia.com/advisories/45106 http://www.ibm.com/support/docview.wss?uid=swg21503959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •