Page 25 of 147 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores a 8.5.5.1) permite a un atacante remoto inyectar script web o HTML a discrección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/86504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 87EXPL: 0

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. La implementación WS-Security en IBM WebSphere Application (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.5.5.1) y WAS Feature Pack para Web Services 6.1 (anteriores a 6.1.0.47), cuando un almacén de confianza es configurado para Firmas Digitales XML, no verifica certificados X.509 apropiadamente, lo que permite a atacantes remotos obtener acceso con privilegios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/86505 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v8.0 anterior a v8.0.0.7 y v8.5 anterior a v8.5.5.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM81571 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.securityfocus.com/bid/61935 https://exchange.xforce.ibmcloud.com/vulnerabilities/85268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 36EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 cuando se utiliza OAuth, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85834 http://www-01.ibm.com/support/docview.wss?uid=swg1PM87131 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM78614 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •