CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0828
https://notcve.org/view.php?id=CVE-2014-0828
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF11 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66556 https://exchange.xforce.ibmcloud.com/vulnerabilities/90566 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6730
https://notcve.org/view.php?id=CVE-2013-6730
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuración wcm.path.traversal.security está habilitada, permite a atacantes remotos evadir restricciones de lectura en un artículo mediante el acceso a este artículo dentro de los resultados de búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 http://www-01.ibm.com/support/docview.wss?uid=swg21665915 https://exchange.xforce.ibmcloud.com/vulnerabilities/89363 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 45EXPL: 0CVE-2013-6722
https://notcve.org/view.php?id=CVE-2013-6722
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Vulnerabilidad de subida de archivos sin restricción en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegación de servicio o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 http://www-01.ibm.com/support/docview.wss?uid=swg21662873 https://exchange.xforce.ibmcloud.com/vulnerabilities/89235 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4012
https://notcve.org/view.php?id=CVE-2013-4012
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalación de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 • CWE-264: Permissions, Privileges, and Access Controls •