Page 3 of 69 results (0.010 seconds)

CVSS: 3.5EPSS: 0%CPEs: 120EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69981 https://exchange.xforce.ibmcloud.com/vulnerabilities/95209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 1%CPEs: 58EXPL: 0

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. IBM WebSphere Application Server (WAS) 6.1.0.0 hasta 6.1.0.47 y 6.0.2.0 hasta 6.0.2.43 permite a atacantes remotos causar una denegación de servicio a través de trafico TLS manipulado, tal y como fue demostrado por trafico de una herramienta de asesoramiento de vulnerabilidad de CVE-2014-0160. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14306 http://www-01.ibm.com/support/docview.wss?uid=swg1PI16981 http://www-01.ibm.com/support/docview.wss?uid=swg1PI17128 http://www-01.ibm.com/support/docview.wss?uid=swg21671835 http://www-304.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 54EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 permite a atacantes remotos inyectar arbitraria secuencias de comandos web o HTML a través de los valores de campo artesanales. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56423 https://exchange.xforce.ibmcloud.com/vulnerabilities/79541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 135EXPL: 0

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El complemento Web Server en IBM WebSphere Application Server (WAS) v8.0 y anteriores, utilizan comunicaciones sin HTTP cifrar después de la expiración de la contraseña de plugin-key.kdb, lo que permite a atacantes remotos obtener información sensible el tráfico de la red o servidores suplantar arbitrarios mediante un ataque man-in-the-middle. • http://www-01.ibm.com/support/docview.wss?uid=swg21588312 http://www-01.ibm.com/support/docview.wss?uid=swg21591172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74900 • CWE-310: Cryptographic Issues •