Page 2 of 19 results (0.007 seconds)

CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 en Citizen Portal podría permitir que un usuario autenticado elimine aplicaciones enviadas por otro usuario del sistema y, posiblemente, obtenga privilegios. IBM X-Force ID: 137380. • http://www.ibm.com/support/docview.wss?uid=swg22012528 https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 •

CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.2 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012372 http://www.securityfocus.com/bid/102498 https://exchange.xforce.ibmcloud.com/vulnerabilities/134922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012366 http://www.securityfocus.com/bid/102492 https://exchange.xforce.ibmcloud.com/vulnerabilities/134921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. IBM Curam Social Program Management 6.0, 6.1, 6.2, y 7.0 podría permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=swg22007160 https://exchange.xforce.ibmcloud.com/vulnerabilities/123670 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22007156 https://exchange.xforce.ibmcloud.com/vulnerabilities/119761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •