CVSS: 5.8EPSS: 0%CPEs: 45EXPL: 0CVE-2013-6722
https://notcve.org/view.php?id=CVE-2013-6722
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Vulnerabilidad de subida de archivos sin restricción en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegación de servicio o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 http://www-01.ibm.com/support/docview.wss?uid=swg21662873 https://exchange.xforce.ibmcloud.com/vulnerabilities/89235 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4012
https://notcve.org/view.php?id=CVE-2013-4012
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalación de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-6316
https://notcve.org/view.php?id=CVE-2013-6316
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. IBM Websphere Portal 7.0.0.x anteriores a 7.0.0.2 CF26, y 8.0.0.x anteriores a 8.0.0.1 CF09 no maneja apropiadamente cambios contenido-selección durante el renderizado del componente Taxonomy, lo cual permite a atacantes remotos obtener información sensible sobre propiedades en circunstancias oportunistas, aprovechando un error en un procesador de contexto Web COntent Manager (WCM). • http://osvdb.org/101270 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64492 https://exchange.xforce.ibmcloud.com/vulnerabilities/88597 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores que involucran elementos iFRAME. • http://osvdb.org/101269 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64495 https://exchange.xforce.ibmcloud.com/vulnerabilities/88909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •