CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5932
https://notcve.org/view.php?id=CVE-2016-5932
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. BM Connections 4.0, 4.5, 5.0 y 5.5 son vulnerables a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz web alterando así la funcionalidad prevista que podría conducir a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21998294 http://www.securityfocus.com/bid/96453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0308
https://notcve.org/view.php?id=CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. IBM Connections 5.5 y versiones anteriores es vulnerable a un posible ataque de manipulación de link que podría resultar en la revelación de imágenes de background inapropiadas. • http://www.ibm.com/support/docview.wss?uid=swg21986770 http://www.securityfocus.com/bid/92439 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0305
https://notcve.org/view.php?id=CVE-2016-0305
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM Connections es vulnerable a XSS, causada por una validación incorrecta de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para ejecutar script en el buscador web de una víctima en el contexto de seguridad del sitio web de alojamiento, una vez que se hace clic en la URL. • http://www.ibm.com/support/docview.wss?uid=swg21986770 http://www.securityfocus.com/bid/92436 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0307
https://notcve.org/view.php?id=CVE-2016-0307
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. IBM Connections 5.5 y versiones anteriores permite a atacantes remotos obtener información sensible leyendo seguimientos de pila en respuestas devueltas. • http://www.ibm.com/support/docview.wss?uid=swg21986770 http://www.securityfocus.com/bid/92440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0310
https://notcve.org/view.php?id=CVE-2016-0310
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM Connections 5.5 y versiones anteriores es vulnerable a un posible ataque de inyección de cabecera del host que podría provocar navegación al dominio del atacante. • http://www.ibm.com/support/docview.wss?uid=swg21988338 http://www.securityfocus.com/bid/92437 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •