Page 6 of 36 results (0.010 seconds)

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de XSS en (1) mainpage.jsp y (2) GetImageServlet.img en IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 anterior a 3.3.2.3, y 3.4.1 anterior a 3.4.1.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694767 https://exchange.xforce.ibmcloud.com/vulnerabilities/99012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 anterior a 3.3.2.3, y 3.4.1 anterior a 3.4.1.1 permite a atacantes remotos evadir las restricciones de acceso y leer los ficheros de imágenes de usuarios arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694771 http://www.securityfocus.com/bid/72430 https://exchange.xforce.ibmcloud.com/vulnerabilities/99014 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter. Vulnerabilidad de redirección abierta en IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 anterior a 3.3.2.3, y 3.4.1 anterior a 3.4.1.1 permite a usuarios remotos autenticados redirigir usuarios redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través del parámetro out. • http://secunia.com/advisories/62674 http://www-01.ibm.com/support/docview.wss?uid=swg21694772 http://www.securityfocus.com/bid/72408 https://exchange.xforce.ibmcloud.com/vulnerabilities/99013 •

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en birtviewer.query en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2, y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21686241 https://exchange.xforce.ibmcloud.com/vulnerabilities/95635 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en NewDocument.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686238 https://exchange.xforce.ibmcloud.com/vulnerabilities/95631 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •