CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2014-8902
https://notcve.org/view.php?id=CVE-2014-8902
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Portlet de Blog en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atac... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2014-6215
https://notcve.org/view.php?id=CVE-2014-6215
11 Dec 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 anterior a 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados iny... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6093
https://notcve.org/view.php?id=CVE-2014-6093
26 Nov 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/59752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2014-4808
https://notcve.org/view.php?id=CVE-2014-4808
28 Oct 2014 — Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados ejecutar código arbitrario a tra... • http://secunia.com/advisories/59740 •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4814
https://notcve.org/view.php?id=CVE-2014-4814
28 Oct 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.... • http://secunia.com/advisories/59740 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4821
https://notcve.org/view.php?id=CVE-2014-4821
28 Oct 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona códigos de error del ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6125
https://notcve.org/view.php?id=CVE-2014-6125
28 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM WebSphere Portal 8.5.0 anterior a CF03 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6126
https://notcve.org/view.php?id=CVE-2014-6126
28 Oct 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 anterior a CF03 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 0CVE-2014-4761
https://notcve.org/view.php?id=CVE-2014-4761
10 Oct 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de código de fuente HTML. • http://secunia.com/advisories/61126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4762
https://notcve.org/view.php?id=CVE-2014-4762
12 Sep 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF13 y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •