CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-4839
https://notcve.org/view.php?id=CVE-2014-4839
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en birtviewer.query en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2, y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21686241 https://exchange.xforce.ibmcloud.com/vulnerabilities/95635 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4837
https://notcve.org/view.php?id=CVE-2014-4837
Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en NewDocument.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686238 https://exchange.xforce.ibmcloud.com/vulnerabilities/95631 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4838
https://notcve.org/view.php?id=CVE-2014-4838
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en GanttProjectSchedulerPopup.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686233 https://exchange.xforce.ibmcloud.com/vulnerabilities/95634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4836
https://notcve.org/view.php?id=CVE-2014-4836
Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en breakOutWithName.jsp en IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686240 https://exchange.xforce.ibmcloud.com/vulnerabilities/95630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2014-4840
https://notcve.org/view.php?id=CVE-2014-4840
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. IBM TRIRIGA Application Platform 3.2 y 3.3 anterior a 3.3.0.2, 3.3.1 anterior a 3.3.1.3, 3.3.2 anterior a 3.3.2.2 y 3.4 anterior a 3.4.0.1 permite a atacantes remotos ejecutar código arbitrario a través de una URL manipulada. • http://secunia.com/advisories/61056 http://www-01.ibm.com/support/docview.wss?uid=swg21686230 https://exchange.xforce.ibmcloud.com/vulnerabilities/95636 • CWE-20: Improper Input Validation •