Page 17 of 96 results (0.036 seconds)

CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a través de vectores relacionados con una acción de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a través de vectores relacionados con una operación de importación. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/80748 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con un identificador de sesión de la interfaz de usuario (uisessionid). • http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/81011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name. Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con el "display name". • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0

Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •