CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0305
https://notcve.org/view.php?id=CVE-2016-0305
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM Connections es vulnerable a XSS, causada por una validación incorrecta de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para ejecutar script en el buscador web de una víctima en el contexto de seguridad del sitio web de alojamiento, una vez que se hace clic en la URL. • http://www.ibm.com/support/docview.wss?uid=swg21986770 http://www.securityfocus.com/bid/92436 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0307
https://notcve.org/view.php?id=CVE-2016-0307
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. IBM Connections 5.5 y versiones anteriores permite a atacantes remotos obtener información sensible leyendo seguimientos de pila en respuestas devueltas. • http://www.ibm.com/support/docview.wss?uid=swg21986770 http://www.securityfocus.com/bid/92440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0310
https://notcve.org/view.php?id=CVE-2016-0310
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM Connections 5.5 y versiones anteriores es vulnerable a un posible ataque de inyección de cabecera del host que podría provocar navegación al dominio del atacante. • http://www.ibm.com/support/docview.wss?uid=swg21988338 http://www.securityfocus.com/bid/92437 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2955
https://notcve.org/view.php?id=CVE-2016-2955
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Connections 5.0 en versiones anteriores a CR4 y 5.5 en versiones anteriores a CR1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21988531 http://www.securityfocus.com/bid/92544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2958
https://notcve.org/view.php?id=CVE-2016-2958
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. IBM Connections 4.0 hasta la versión CR4, 4.5 hasta la versión CR5 y 5.0 en versiones anteriores a CR4 permite a usuarios remotos autenticados obtener información sensible leyendo una dirección de correo electrónico "arcaica" en una respuesta. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039 http://www-01.ibm.com/support/docview.wss?uid=swg21990864 http://www.securityfocus.com/bid/94328 http://www.securitytracker.com/id/1039231 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •