Page 16 of 96 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la implementación Social Rendering en la integración de IBM Connections en IBM WebSphere Portal 8.0.0.x anterior a 8.0.0.1 CF11 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66559 https://exchange.xforce.ibmcloud.com/vulnerabilities/91398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF11 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66556 https://exchange.xforce.ibmcloud.com/vulnerabilities/90566 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuración wcm.path.traversal.security está habilitada, permite a atacantes remotos evadir restricciones de lectura en un artículo mediante el acceso a este artículo dentro de los resultados de búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 http://www-01.ibm.com/support/docview.wss?uid=swg21665915 https://exchange.xforce.ibmcloud.com/vulnerabilities/89363 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 45EXPL: 0

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Vulnerabilidad de subida de archivos sin restricción en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegación de servicio o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 http://www-01.ibm.com/support/docview.wss?uid=swg21662873 https://exchange.xforce.ibmcloud.com/vulnerabilities/89235 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •