CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0704
https://notcve.org/view.php?id=CVE-2010-0704
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Portlet Palette en IBM WebSphere Portal v6.0.1.5 wp6015_008_01, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del campo de búsqueda. • http://secunia.com/advisories/38574 http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4152
https://notcve.org/view.php?id=CVE-2009-4152
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Collaboration en IBM WebSphere Portal v6.1.x anterior v6.1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través la etiqueta del selector de personas. • http://secunia.com/advisories/37526 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429 http://www-01.ibm.com/support/docview.wss?uid=swg27014411 http://www.securityfocus.com/bid/37159 http://www.vupen.com/english/advisories/2009/3367 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4153
https://notcve.org/view.php?id=CVE-2009-4153
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory. Vulnerabilidad sin especificar en el componente XMLAccess en IBM WebSphere Portal v6.1.x anterior a v6.1.0.3 tiene un impacto y vectores de ataque desconocidos, relacionados con el directorio de trabajo. • http://secunia.com/advisories/37526 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783 http://www-01.ibm.com/support/docview.wss?uid=swg27014411 http://www.securityfocus.com/bid/37159 http://www.vupen.com/english/advisories/2009/3367 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0899
https://notcve.org/view.php?id=CVE-2009-0899
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 a la v6.1.0.24 y v7.0 a la v7.0.0.4, IBM WebSphere Portal Server v5.1 a la v6.0, e IBM Integrated Solutions Console (ISC) v6.0.1, no establecen adecuadamente la opción de seguridad IsSecurityEnabled durante la migración de WebSphere Member Manager (WMM) a Virtual Member Manager (VMM) y a Federated Repository, lo que permite a atacantes obtener información sensible de los repositorios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21375859 http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134 http://www.securityfocus.com/bid/35406 https://exchange.xforce.ibmcloud.com/vulnerabilities/50882 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1010
https://notcve.org/view.php?id=CVE-2009-1010
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-2009-1008. • http://osvdb.org/53749 http://secunia.com/advisories/34693 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •