CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2011-2020
https://notcve.org/view.php?id=CVE-2011-2020
Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en TIBCO iProcess Engine antes de v11.1.3 y iProcess Workspace antes de v11.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/72553 http://secunia.com/advisories/44639 http://www.securityfocus.com/bid/47921 http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp http://www.vupen.com/english/advisories/2011/1272 https://exchange.xforce.ibmcloud.com/vulnerabilities/67537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2011-2021
https://notcve.org/view.php?id=CVE-2011-2021
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en TIBCO iProcess Engine antes de v11.1.3 y iProcess Workspace antes de v 11.3.1, permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://osvdb.org/72554 http://secunia.com/advisories/44639 http://www.securityfocus.com/bid/47921 http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp http://www.vupen.com/english/advisories/2011/1272 https://exchange.xforce.ibmcloud.com/vulnerabilities/67538 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1414
https://notcve.org/view.php?id=CVE-2011-1414
Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el servidor web tibbr, tal como se utiliza en tibbr TIBCO 1.0.0 hasta la versión 1.5.0 y tibbr service 1.0.0 hasta 1.5.0. Permite a atacantes remotos inyectar codigo de script web o código HTML a través de vectores no especificados. • http://secunia.com/advisories/43765 http://securitytracker.com/id?1025220 http://www.osvdb.org/71178 http://www.securityfocus.com/bid/46891 http://www.tibco.com/multimedia/tibbr_advisory_20110315_tcm8-13474.txt http://www.tibco.com/services/support/advisories/tibbr-tibbr-service-advisory_20110315.jsp http://www.vupen.com/english/advisories/2011/0687 https://exchange.xforce.ibmcloud.com/vulnerabilities/66113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2011-0649
https://notcve.org/view.php?id=CVE-2011-0649
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd). Múltiples vulnerabilidades no especificadas en Rendezvous versiones 8.2.1 hasta 8.3.0, Enterprise Message Service (EMS) versiones 5.1.0 hasta 6.0.0, Runtime Agent (TRA) versiones 5.6.2 hasta 5.7.0, Silver BPM Service anterior a versión 1.0.4, Silver CAP Service anterior a versión 1.0.2 y Silver BusinessWorks Service versión 1.0.0, de TIBCO, cuando son ejecutados en sistemas Unix, permiten a los usuarios locales alcanzar privilegios root por medio de vectores desconocidos relacionados con el SUID y (1) Demonio de Enrutamiento de Rendezvous (rvrd), (2) Demonio de Seguridad de Rendezvous (rvsd), (3) Demonio de Enrutamiento de Seguridad de Rendezvous (rvsrd), y (4) Servidor EMS (tibemsd). • http://secunia.com/advisories/43160 http://secunia.com/advisories/43174 http://www.securityfocus.com/bid/46104 http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt http://www.vupen.com/english/advisories/2011/0269 https://exchange.xforce.ibmcloud.com/vulnerabilities/65105 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4497
https://notcve.org/view.php?id=CVE-2010-4497
Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor Collaborative Information Manager, como el usado en TIBCO Collaborative Information Manager anteriores a v8.1.0 y ActiveCatalog anteriores a v1.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/70372 http://secunia.com/advisories/42791 http://www.securityfocus.com/bid/45691 http://www.securitytracker.com/id?1024942 http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp http://www.vupen.com/english/advisories/2011/0037 https://exchange.xforce.ibmcloud.com/vulnerabilities/64521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •