CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34166
https://notcve.org/view.php?id=CVE-2022-34166
IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229430 https://www.ibm.com/support/pages/node/6601579 https://www.ibm.com/support/pages/node/6601609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34160
https://notcve.org/view.php?id=CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable a una inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, cuando sea visualizado, será ejecutado en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229330 https://www.ibm.com/support/pages/node/6601553 https://www.ibm.com/support/pages/node/6601555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31767
https://notcve.org/view.php?id=CVE-2022-31767
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. IBM CICS TX Standard y Advanced versión 11.1, podría permitir a un atacante remoto ejecutar comandos arbitrarios en el sistema mediante el envío de una petición especialmente diseñada. IBM X-Force ID: 227980 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227980 https://www.ibm.com/support/pages/node/6597531 https://www.ibm.com/support/pages/node/6597533 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •