CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2011-4819
https://notcve.org/view.php?id=CVE-2011-4819
13 Mar 2012 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permiten a usuarios remotos inyectar codigo de script web o código HTML de su el... • http://secunia.com/advisories/48299 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2008-3161 – IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2008-3161
14 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en sp/common/system/debug.jsp d... • https://www.exploit-db.com/exploits/32046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •