CVE-2016-0316
https://notcve.org/view.php?id=CVE-2016-0316
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg21983137
• http://www.securityfocus.com/bid/92472
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0350
https://notcve.org/view.php?id=CVE-2016-0350
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.
• http://www-01.ibm.com/support/docview.wss?uid=swg21983147
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0315
https://notcve.org/view.php?id=CVE-2016-0315
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.
• http://www-01.ibm.com/support/docview.wss?uid=swg21983147
• CWE-284: Improper Access Control
CVE-2016-2888
https://notcve.org/view.php?id=CVE-2016-2888
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
• http://www-01.ibm.com/support/docview.wss?uid=swg21983147
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0314
https://notcve.org/view.php?id=CVE-2016-0314
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg21983147
• http://www.securityfocus.com/bid/91697