CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1899
https://notcve.org/view.php?id=CVE-2015-1899
25 May 2015 — IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. IBM WebSphere Portal 8.5 hasta CF05 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139 • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1921
https://notcve.org/view.php?id=CVE-2015-1921
25 May 2015 — Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF17 y 8.5.0 anterior a CF06 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632 •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-1886
https://notcve.org/view.php?id=CVE-2015-1886
24 Apr 2015 — The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Remote Document Conversion Service (DCS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05 permite a atacantes remot... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1908
https://notcve.org/view.php?id=CVE-2015-1908
24 Apr 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05, utilizado... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6214
https://notcve.org/view.php?id=CVE-2014-6214
13 Mar 2015 — Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0139
https://notcve.org/view.php?id=CVE-2015-0139
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0177
https://notcve.org/view.php?id=CVE-2015-0177
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2014-8909
https://notcve.org/view.php?id=CVE-2014-8909
13 Feb 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF29, 8.0.0.x hasta 8.0.0.1 CF15, y 8.5.0 anterior a CF05 permite a usuarios remotos auten... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2014-6171
https://notcve.org/view.php?id=CVE-2014-6171
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atacantes remotos inyectar secuencias de coman... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6193
https://notcve.org/view.php?id=CVE-2014-6193
19 Dec 2014 — IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04, cuando está habilitada la configuración Páginas Gestionadas, permite a usuarios remotos autenticados escribir en las páginas a través de un ataque de inyección XML. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699 •