CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0932
https://notcve.org/view.php?id=CVE-2014-0932
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Sterling Order Management 8.5 anterior a HF105 y Sterling Selling y Fulfillment Foundation 9.0 anterior a HF85 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT00419 http://www-01.ibm.com/support/docview.wss?uid=swg21670912 http://www.securityfocus.com/bid/66993 https://exchange.xforce.ibmcloud.com/vulnerabilities/92264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6322
https://notcve.org/view.php?id=CVE-2013-6322
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Sterling Order Management en IBM Sterling Selling and Fulfillment Suite 8.0 anterior a la versión HF128 y 8.5 anterior a HF93 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC97745 http://www-01.ibm.com/support/docview.wss?uid=swg21656906 https://exchange.xforce.ibmcloud.com/vulnerabilities/88902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 65EXPL: 0CVE-2013-0578
https://notcve.org/view.php?id=CVE-2013-0578
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. Las APIs Sterling Order Management en IBM Sterling Multi-Channel Fulfillment Solution v8.0 anterior a HF128 y IBM Sterling Selling y Fulfillment Foundation 8.5 anterior a HF93, v9.0 anterior a HF73, v9.1.0 anterior a FP45, y v9.2.0 anterior a FP17, cuando la API de prueba esta habilitada, no requiere credenciales administrativas, lo que permite a los usuarios remotos autenticados obtener información sensible de bases de datos a través de una solicitud a la URI de la API de pruebas. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829 http://www-01.ibm.com/support/docview.wss?uid=swg21636034 https://exchange.xforce.ibmcloud.com/vulnerabilities/83330 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0506
https://notcve.org/view.php?id=CVE-2013-0506
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en IBM Sterling Order Management v8.0 anterior a HF127, 8.5 anterior a HF89, v9.0 anterior HF69, v9.1.0 anterior FP41, y v9.2.0 anterior FP13, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90858 http://www-01.ibm.com/support/docview.wss?uid=swg21631302 https://exchange.xforce.ibmcloud.com/vulnerabilities/82341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0505
https://notcve.org/view.php?id=CVE-2013-0505
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. IBM Sterling Order Management v8.0 anterior a HF127, 8.5 anterior a HF89, v9.0 anterior HF69, v9.1.0 anterior FP41, y v9.2.0 anterior FP13, permite a usuarios autenticados remotamente llevar a cabo ataques de inyección XPath y leer archivos XML de su elección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1ID358571 http://www-01.ibm.com/support/docview.wss?uid=swg21631302 https://exchange.xforce.ibmcloud.com/vulnerabilities/82339 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •