Page 22 of 206 results (0.010 seconds)

CVSS: 3.5EPSS: 0%CPEs: 41EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://osvdb.org/102119 http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www.securityfocus.com/bid/65099 https://exchange.xforce.ibmcloud.com/vulnerabilities/89280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. La funcionalidad de migración en IBM WebSphere Application Server (WAS) 7.0 antes 7.0.0.31, 8.0 antes 8.0.0.8, y 8.5 antes de 8.5.5.1 no soporta adecuadamente la distinción entre el rol de administrador y el rol adminsecmanager, que permite a usuarios remotos autenticados obtener privilegios en circunstancias oportunistas accedediendo a los recursos en medio de una migración y una evaluación de role • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313 https://exchange.xforce.ibmcloud.com/vulnerabilities/87476 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a atacantes remotos inyectar script web o HTML arbitrario a través de datos de respuesta HTTP. • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM93323 http://www-01.ibm.com/support/docview.wss?uid=swg1PM93944 http://www.securityfocus.com/bid/63780 https://exchange.xforce.ibmcloud.com/vulnerabilities/87479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola Administrative de IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de una URL diseñada. • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96477 http://www.securityfocus.com/bid/63778 https://exchange.xforce.ibmcloud.com/vulnerabilities/87480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores a 8.5.5.1) permite a un atacante remoto inyectar script web o HTML a discrección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/86504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •