CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1761
https://notcve.org/view.php?id=CVE-2017-1761
09 Feb 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las f... • http://www.ibm.com/support/docview.wss?uid=swg22012416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1401
https://notcve.org/view.php?id=CVE-2018-1401
09 Feb 2018 — IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. IBM WebSphere Portal 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalid... • http://www.securityfocus.com/bid/102973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1698
https://notcve.org/view.php?id=CVE-2017-1698
27 Dec 2017 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría revelar información sensible en un mensaje de error, lo que podría dar lugar a más ataques contra el sistema. IBM X-Force ID: 124390. • http://www.ibm.com/support/docview.wss?uid=swg22011519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1536
https://notcve.org/view.php?id=CVE-2017-1536
11 Dec 2017 — IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código... • http://www.ibm.com/support/docview.wss?uid=swg22008031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2017-1577
https://notcve.org/view.php?id=CVE-2017-1577
27 Sep 2017 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar a... • http://www.ibm.com/support/docview.wss?uid=swg22008586 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 0CVE-2017-1189
https://notcve.org/view.php?id=CVE-2017-1189
07 Sep 2017 — IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. IBM WebSphere Portal y Web Content Manager 6.1, 7.0 y 8.0 son vulnerables a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript a... • http://www.ibm.com/support/docview.wss?uid=swg22008028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1303
https://notcve.org/view.php?id=CVE-2017-1303
31 Jul 2017 — IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. IBM WebSphere Portal y Web Content Manager 7.0, 8.0, 8.5 y 9.0 son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios que incrusten un código arbitrario ... • http://www.ibm.com/support/docview.wss?uid=swg22004979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8922
https://notcve.org/view.php?id=CVE-2016-8922
01 Feb 2017 — Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Exphox WebRadar es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de creden... • http://www.ibm.com/support/docview.wss?uid=swg21993561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-5954
https://notcve.org/view.php?id=CVE-2016-5954
12 Sep 2016 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF30, 8.0.0 hasta la versión 8.0.0.1 CF21 y 8.5.0 en versiones anteriores a CF12 permite a usuarios remotos autenticados provocar una dene... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2016-2925
https://notcve.org/view.php?id=CVE-2016-2925
08 Aug 2016 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta la versión 6.1.0.6 CF27, 6.1.5.x hasta la versión 6.1.5.3 CF27, 7.x hasta la versión 7.0.0.2 CF30, 8.0.0.x hasta la versión 8.0.0.1 CF21 y 8.5.0 en versiones... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •