CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores que involucran elementos iFRAME. • http://osvdb.org/101269 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64495 https://exchange.xforce.ibmcloud.com/vulnerabilities/88909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener información Java Content Repository (JCR) sensile a través de una URL Web Content Manager (WCM) modificada. IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager. • http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 http://www-01.ibm.com/support/docview.wss?uid=swg21655656 https://exchange.xforce.ibmcloud.com/vulnerabilities/88253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5379
https://notcve.org/view.php?id=CVE-2013-5379
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. Vulnerabilidad de XSS en IBM WebSphere Portal 7.x anterior a la versión 7.0.0.2 CF25 y 8.x anterior a 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de una funcionalidad de etiquetado inapropiada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047 http://www-01.ibm.com/support/docview.wss?uid=swg21655635 https://exchange.xforce.ibmcloud.com/vulnerabilities/86930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5378
https://notcve.org/view.php?id=CVE-2013-5378
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. Vulnerabilidad de XSS en IBM WebSphere Portal 8.x anterior a la versión 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de integraciones incorrectas de IBM Connections. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802 http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881 http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593 http://www-01.ibm.com/support/docview.wss?uid=swg21655634 https://exchange.xforce.ibmcloud.com/vulnerabilities/86929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •