Page 8 of 38 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8 permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios de solicitudes que modifican los registros de datos a través de vectores relacionados (1) el html/es/default/ o (2) sqa/html/es/default/proceso/comm/saveProps.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628849 https://exchange.xforce.ibmcloud.com/vulnerabilities/80630 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y v8, que permiten a atacantes remotos inyectar contenido, y llevar a cabo ataques de phishing, a través de vectores relacionados con (1) el html/es/default/, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/es/default/reportTemplate/reportTemplateOrderCols.jsp, o (5) a/html/en/default/om2/omObjectFinder.jsp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628851 http://www-01.ibm.com/support/docview.wss?uid=swg21628852 https://exchange.xforce.ibmcloud.com/vulnerabilities/80629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM TRIRIGA Application Platform v2.x y v3.x antes de v3.3, y 8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados (1) WebProcess.srv, (2) el html/es/default/, (3) Widget/recurso, (4) birt/conjunto de marcos, o (5) ganttlib/gantt-jws.jnlp. • http://www-01.ibm.com/support/docview.wss?uid=swg21628847 https://exchange.xforce.ibmcloud.com/vulnerabilities/80628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •