Page 23 of 129 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en PageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a través de vectores no especificados. • http://secunia.com/advisories/45106 http://www.ibm.com/support/docview.wss?uid=swg21503959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el centro de búsqueda IBM WebSphere Portal v7.0.0.1 anteriores a CF004 permite a atacantes remotos inyectar script de su elección o HTML a través de vectores no especificados. • http://osvdb.org/72500 http://secunia.com/advisories/44700 http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644 http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009 http://www.ibm.com/support/docview.wss?uid=swg24029452 http://www.securityfocus.com/bid/47954 https://exchange.xforce.ibmcloud.com/vulnerabilities/67594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. La implementación de objetos OutputMediator en IBM WebSphere Portal v6.0.1.7, v7.0.0.1 y anteriores a CF002, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria) a través de peticiones. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432 http://www.ibm.com/support/docview.wss?uid=swg24029452 https://exchange.xforce.ibmcloud.com/vulnerabilities/67687 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." IBM WebSphere Portal v6.0.1.1 hasta v7.0.0.0, como el utilizado en IBM Lotus Web Content Management (WCM) e IBM Lotus Quickr para WebSphere Portal, permite a atacantes remotos obtener información sensible a través de un "mensaje modificado." • http://osvdb.org/70688 http://secunia.com/advisories/43081 http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159 http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados en SemanticTagService.js en IBM WebSphere Portal v6.1.0.1 permite a atacantes remotos inyecatar código web o HTML a través de vectores no especificados. NOTA: NOTA: algunos de estos detalles han sido obtenidos de terceras partes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972 http://www.vupen.com/english/advisories/2010/2827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •