CVSS: 4.3EPSS: 0%CPEs: 62EXPL: 0CVE-2013-0587
https://notcve.org/view.php?id=CVE-2013-0587
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, o (4) PortalWeb2. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 http://www-01.ibm.com/support/docview.wss?uid=swg21646618 https://exchange.xforce.ibmcloud.com/vulnerabilities/84345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-0549
https://notcve.org/view.php?id=CVE-2013-0549
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad Cross-site scripting (XSS) en Web Content Manager - Web Content Viewer Portlet en el servidor IBM WebSphere Portal v7.0.0.x hasta v7.0.0.2 CF22 y v8.0.0.x hasta v8.0.0.1 CF5, cuando se utiliza la API IBM Portlet, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525 http://www-01.ibm.com/support/docview.wss?uid=swg21638984 https://exchange.xforce.ibmcloud.com/vulnerabilities/82762 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0CVE-2013-2950
https://notcve.org/view.php?id=CVE-2013-2950
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en IBM WebSphere Portal v6.1.0.x anterior a v6.1.0.3 CF26, v6.1.5.x anterior a v6.1.5 CF26, v7.0.0.x anterior a v7.0.0.2 CF21, y v8.0.0.x hasta v8.0.0.1 CF5 cuando la sustitución home (también conocida como uri.home.substitution) esta habilitada, permite a atacantes remotos autenticados inyectar cabeceras HTTP de su elección y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071 http://www-01.ibm.com/support/docview.wss?uid=swg21638864 https://exchange.xforce.ibmcloud.com/vulnerabilities/83618 • CWE-94: Improper Control of Generation of Code ('Code Injection') •