CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2011-0315
https://notcve.org/view.php?id=CVE-2011-0315
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Ejecución de secuencias de comandos en sitios cruzados (XSS) en los componentes Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a v6.1.0.35 y v7.0 antrior a v7.0.0.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el falta de una página de error para una aplicación. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2010-0784
https://notcve.org/view.php?id=CVE-2010-0784
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Administrative Console in IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores no espefificados. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43874 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2010-4220
https://notcve.org/view.php?id=CVE-2010-4220
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Solución Integrada en el componente Administrative Console de IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a los atacantes remotos inyectar código web o HTML a su elección a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2010-0786
https://notcve.org/view.php?id=CVE-2010-0786
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. El componente Web Services Security en IBM WebSphere Application Server (WAS) v7.0 anteiror v7.0.0.13 no implementa adecuadamente la API Java para los Web Services XML (también conocido como JAX-WS), lo que permite a atacantes remotos causar una denegación de servicio (corrupción de datos) a través de una petición JAX-WS manipulada que provoca datos codificados incorrectamente. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/62950 • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 33EXPL: 0CVE-2010-0785
https://notcve.org/view.php?id=CVE-2010-0785
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.35 y v7.0 y v7.0.0.13, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62949 • CWE-352: Cross-Site Request Forgery (CSRF) •