CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1908
https://notcve.org/view.php?id=CVE-2015-1908
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05, utilizado en Web Content Manager y otros productos, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661 http://www-01.ibm.com/support/docview.wss?uid=swg21701566 http://www.securityfocus.com/bid/74218 http://www.securitytracker.com/id/1032189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1886
https://notcve.org/view.php?id=CVE-2015-1886
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Remote Document Conversion Service (DCS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de solicitudes manipuladas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 http://www-01.ibm.com/support/docview.wss?uid=swg21701566 http://www.securityfocus.com/bid/74216 http://www.securitytracker.com/id/1032189 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1893
https://notcve.org/view.php?id=CVE-2015-1893
The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. El dispositivo IBM WebSphere DataPower XC10 2.1 anterior a 2.1.0.3 permite a atacantes remotos secuestrar las sesiones de usuarios arbitrarios, y como consecuencia obtener información sensible o modificar datos, a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841 http://www-01.ibm.com/support/docview.wss?uid=swg21701337 http://www.securityfocus.com/bid/73916 http://www.securitytracker.com/id/1032025 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2015-0106
https://notcve.org/view.php?id=CVE-2015-0106
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795 http://www-01.ibm.com/support/docview.wss?uid=swg21694935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6214
https://notcve.org/view.php?id=CVE-2014-6214
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987 http://www-01.ibm.com/support/docview.wss?uid=swg21697213 http://www.securitytracker.com/id/1031880 • CWE-352: Cross-Site Request Forgery (CSRF) •