Page 3 of 42 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. IBM Sametime 8.5.2 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en el mensaje de ausente de Sametime, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22006441 http://www.securityfocus.com/bid/100572 https://exchange.xforce.ibmcloud.com/vulnerabilities/113848 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. IBM Sametime Connect 8.5.2 y 9.0, después de desinstalar Sametime Rich Client, podría divulgar información potencialmente sensible sobre el entorno de Sametime, así como de otros usuarios que se encuentren en la misma máquina local del usuario. IBM X-Force ID: 113934. • http://www.ibm.com/support/docview.wss?uid=swg22006444 http://www.securityfocus.com/bid/100528 https://exchange.xforce.ibmcloud.com/vulnerabilities/113934 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. IBM Sametime Meeting Server 8.5.2 y 9.0 podría permitir que un invitado a una reunión obtenga información sensible previamente limpiada viendo el historial de informes de reunión. IBM X-Force ID: 113936. • http://www.ibm.com/support/docview.wss?uid=swg22006441 http://www.securityfocus.com/bid/100572 https://exchange.xforce.ibmcloud.com/vulnerabilities/113936 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. Sametime WebPlayer 8.5.2 y 9.0 es vulnerable a una inyección de script por la cual un sitio malicioso puede inyectar sus propios scripts mediante la explotación de una vulnerabilidad de la misma forma que funciona WebPlayer. IBM X-Force ID: 113993. • http://www.ibm.com/support/docview.wss?uid=swg22006447 http://www.securityfocus.com/bid/100531 https://exchange.xforce.ibmcloud.com/vulnerabilities/113993 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. IBM Sametime Enterprise Meeting Server 8.5.2 y 9.0 podría permitir que un usuario autenticado que haya sido invitado a una sala de reuniones de Sametime detenga la compartición de pantalla mediante Cross-Site Request Forgery (CSRF). IBM X-Force ID: 111894. • http://www.ibm.com/support/docview.wss?uid=swg22006439 http://www.securityfocus.com/bid/100599 http://www.securitytracker.com/id/1039231 https://exchange.xforce.ibmcloud.com/vulnerabilities/111894 • CWE-352: Cross-Site Request Forgery (CSRF) •