Page 8 of 55 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 57EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626 http://www-01.ibm.com/support/docview.wss?uid=swg21697944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 61EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.6.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06812 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52420 http://www-01.ibm.com/support/docview.wss?uid=swg21697120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Framework Coach NG en IBM Business Process Manager (BPM) 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52137 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52322 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52355 http://www-01.ibm.com/support/docview.wss?uid=swg21696378 http://www.securitytracker.com/id/1031964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 24EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. Múltiples vulnerabilidades de XSS en el portal de procesos en IBM Business Process Manager (BPM) 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de campos de datos no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457 http://www-01.ibm.com/support/docview.wss?uid=swg21693270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795 http://www-01.ibm.com/support/docview.wss?uid=swg21694935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •