CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4838
https://notcve.org/view.php?id=CVE-2014-4838
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en GanttProjectSchedulerPopup.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686233 https://exchange.xforce.ibmcloud.com/vulnerabilities/95634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4836
https://notcve.org/view.php?id=CVE-2014-4836
Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en breakOutWithName.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686240 https://exchange.xforce.ibmcloud.com/vulnerabilities/95630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2014-4840
https://notcve.org/view.php?id=CVE-2014-4840
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a atacantes remotos ejecutar código arbitrario a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686230 https://exchange.xforce.ibmcloud.com/vulnerabilities/95636 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-6726
https://notcve.org/view.php?id=CVE-2013-6726
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en WebProcess.srv en IBM TRIRIGA Application Platform 3.2.x y 3.3.x anterior a 3.3.1.2 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21671968 https://exchange.xforce.ibmcloud.com/vulnerabilities/89281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5950
https://notcve.org/view.php?id=CVE-2012-5950
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8 permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios de solicitudes que modifican los registros de datos a través de vectores relacionados (1) el html/es/default/ o (2) sqa/html/es/default/proceso/comm/saveProps.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628849 https://exchange.xforce.ibmcloud.com/vulnerabilities/80630 • CWE-352: Cross-Site Request Forgery (CSRF) •