CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2013-0460
https://notcve.org/view.php?id=CVE-2013-0460
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Cross-site request forgery (CSRF) vulnerabilidad en el subsistema de portlet en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47 y v7,0 antes de v7.0.0.27 que permitía que los atacantes remotos secuestraran la autenticación de usuarios para peticiones arbitrarias que insertan cross-site scripting (XSS) secuencias. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72275 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81014 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0459
https://notcve.org/view.php?id=CVE-2013-0459
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, 7,0 antes de 7.0.0.27, 8,0 antes de 8.0.0.6 y 8.5 antes de 8.5.0.2 que permite a atacantes remotos inyectar web script o HTML arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72536 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0458
https://notcve.org/view.php?id=CVE-2013-0458
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.27, v8.0 anterior a v8.0.0.6, y v8.5 anterior a v8.5.0.2, cuando la seguridad de inicio de sesión está desactivada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71139 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0461
https://notcve.org/view.php?id=CVE-2013-0461
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en el Virtual Member Manager (VMM) de la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, v7.0.0.27 antes de v7,0, v8,0 antes de v8.0.0.6 y v8.5 antes de v8.5.0.2 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71389 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0462
https://notcve.org/view.php?id=CVE-2013-0462
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6,1, v7,0 antes de v7.0.0.27, v8.0, y v8.5 tiene un impacto desconocido y vectores de ataque. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 •