CVSS: 3.5EPSS: 0%CPEs: 99EXPL: 0CVE-2014-0914
https://notcve.org/view.php?id=CVE-2014-0914
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo Query Description. • http://secunia.com/advisories/59570 http://secunia.com/advisories/59640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679 http://www-01.ibm.com/support/docview.wss?uid=swg21678885 http://www.securityfocus.com/archive/1/533110/100/0/threaded http://www.securityfocus.com/bid/68839 https://exchange.xforce.ibmcloud.com/vulnerabilities/91883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 99EXPL: 0CVE-2014-3025
https://notcve.org/view.php?id=CVE-2014-3025
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. Múltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de entradas no especificadas en un fichero .jsp bajo webclient/utility/. • http://secunia.com/advisories/59570 http://secunia.com/advisories/59640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241 http://www-01.ibm.com/support/docview.wss?uid=swg21678754 https://exchange.xforce.ibmcloud.com/vulnerabilities/93064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 85EXPL: 0CVE-2013-5402
https://notcve.org/view.php?id=CVE-2013-5402
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, y Maximo for Utilities 7.1.x a 7.1.1.12, 7.5 anteriores a 7.5.0.3 IFIX014, y 7.5.0.5 anteriores a IFIX003; SmartCloud Control Desk (SCCD) 7.5 anteriores a 7.5.0.3 IFIX014 y 7.5.0.5 anteriores a IFIX003; y Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, y Change y Configuration Management Database (CCMDB) 7.1.x a 7.1.1.12, 7.1.2, y 7.2.x a 7.2.1 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268 http://www-01.ibm.com/support/docview.wss?uid=swg21660032 http://www.securityfocus.com/bid/64333 https://exchange.xforce.ibmcloud.com/vulnerabilities/87298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2012-3327
https://notcve.org/view.php?id=CVE-2012-3327
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a través de vectores relacionados con una acción de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-3328
https://notcve.org/view.php?id=CVE-2012-3328
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer. Vulnerabilidad XSS en IBM Maximo Asset Management v7.1, Maximo Asset Management Essentials v7.1, Tivoli Asset Management para IT v7.1 y v7.2, Tivoli Service Request Manager v7.1 y v7.2, y Change y Configuration Management Database (CCMDB) v7.1 v 7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que involucran a un marco (frame) oculto en el pie. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •