CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2011-1357
https://notcve.org/view.php?id=CVE-2011-1357
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en agentDetect.jsp en el web UI en IBM WebSphere Service Registry and Repository (WSRR) v6.3 anterior a v6.3.0.5, v7.0 anterior a v7.0.0.5, y v7.5 anterior a v7.5.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través header HTTP User-Agent • http://www.ibm.com/support/docview.wss?uid=swg1IV01657 https://exchange.xforce.ibmcloud.com/vulnerabilities/69040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2644
https://notcve.org/view.php?id=CVE-2010-2644
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. IBM WebSphere Service Registry y Repository (WSRR) 7v.0.0 anterior FP1 no implementa el control de acceso adecuadamente, lo que permite a atacantes remotos realizar acciones de gobierno a través de peticiones API no especificadas en una interfaz EJB. • http://secunia.com/advisories/42742 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ72563 http://www-01.ibm.com/support/docview.wss?uid=swg24026132 https://exchange.xforce.ibmcloud.com/vulnerabilities/63640 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 1CVE-2010-2985
https://notcve.org/view.php?id=CVE-2010-2985
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM WebSphere Service Registry and Repository (WSRR) v6.3, permite a atacantes remotos inyectar código web o HTML de su elección a través de (1) el parámetro searchTerm de ServiceRegistry/HelpSearch.do o (2) el parámetro queryItems[0].value de ServiceRegistry/QueryWizardProcessStep1.do. • http://secunia.com/advisories/40862 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926 http://www.securityfocus.com/bid/42281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2750
https://notcve.org/view.php?id=CVE-2009-2750
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. IBM WebSphere Service Registry y Repository (WSRR) v6.3.0 anterior FP2 no dispone de configuración de propiedades establecidas lo que permite a usuarios autenticados remotamente obtener acceso a datos no especificados a través de una petición de propiedades. • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ66279 http://www-01.ibm.com/support/docview.wss?uid=swg24025456 https://exchange.xforce.ibmcloud.com/vulnerabilities/55744 • CWE-16: Configuration •