CVE-2013-0459
https://notcve.org/view.php?id=CVE-2013-0459
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, 7,0 antes de 7.0.0.27, 8,0 antes de 8.0.0.6 y 8.5 antes de 8.5.0.2 que permite a atacantes remotos inyectar web script o HTML arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72536 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0458
https://notcve.org/view.php?id=CVE-2013-0458
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.27, v8.0 anterior a v8.0.0.6, y v8.5 anterior a v8.5.0.2, cuando la seguridad de inicio de sesión está desactivada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71139 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4853
https://notcve.org/view.php?id=CVE-2012-4853
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en IBM WebSphere Application Server v6.1 antes de v6.1.0.45, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5 y v8.5 antes de v8.5.0.1 permite a los atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones provocan revelación de información. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62920 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56458 https://exchange.xforce.ibmcloud.com/vulnerabilities/79598 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-4851
https://notcve.org/view.php?id=CVE-2012-4851
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56423 https://exchange.xforce.ibmcloud.com/vulnerabilities/79541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3304
https://notcve.org/view.php?id=CVE-2012-3304
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. La consola de administración de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.45, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1 permite a los atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://osvdb.org/85733 http://www-01.ibm.com/support/docview.wss?uid=swg1PM54356 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77476 •