CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-6316
https://notcve.org/view.php?id=CVE-2013-6316
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. IBM Websphere Portal 7.0.0.x anteriores a 7.0.0.2 CF26, y 8.0.0.x anteriores a 8.0.0.1 CF09 no maneja apropiadamente cambios contenido-selección durante el renderizado del componente Taxonomy, lo cual permite a atacantes remotos obtener información sensible sobre propiedades en circunstancias oportunistas, aprovechando un error en un procesador de contexto Web COntent Manager (WCM). • http://osvdb.org/101270 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64492 https://exchange.xforce.ibmcloud.com/vulnerabilities/88597 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6723
https://notcve.org/view.php?id=CVE-2013-6723
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. IBM Websphere Portal 8.0.0.1 anteriores a CF09 no maneja apropiadamente referencias en componentes de navegador Web COntent Manager (WCM) compute="always", lo cual permite a atacantes remotos obtener información sensible de componentes a traés de vectores no especificados. • http://osvdb.org/101271 http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64488 https://exchange.xforce.ibmcloud.com/vulnerabilities/89278 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4012
https://notcve.org/view.php?id=CVE-2013-4012
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalación de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores que involucran elementos iFRAME. • http://osvdb.org/101269 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64495 https://exchange.xforce.ibmcloud.com/vulnerabilities/88909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •