CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2014-0951
https://notcve.org/view.php?id=CVE-2014-0951
22 May 2014 — Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FilterForm.jsp en IBM WebSphere Portal 7.0 anterior a 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0949
https://notcve.org/view.php?id=CVE-2014-0949
22 May 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos causar una denegación de servicio (consumo de recursos y caída de demonio) a través de una solicitud web ma... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2014-0918
https://notcve.org/view.php?id=CVE-2014-0918
16 May 2014 — Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos leer archivos ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 1CVE-2014-0917 – IBM Eclipse Help System (IEHS) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0917
16 May 2014 — Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar... • https://packetstorm.news/files/id/131924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0828
https://notcve.org/view.php?id=CVE-2014-0828
02 Apr 2014 — Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterio... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0901
https://notcve.org/view.php?id=CVE-2014-0901
02 Apr 2014 — Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la implementación Social Rendering en la integración de IBM Connections en IBM WebSphere Portal 8.0.0.x anterior a 8.0.0.1 CF11 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vec... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6730
https://notcve.org/view.php?id=CVE-2013-6730
04 Mar 2014 — IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuración wcm.path.traversal.securit... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 45EXPL: 0CVE-2013-6722
https://notcve.org/view.php?id=CVE-2013-6722
14 Feb 2014 — Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Vulnerabilidad de subida de archivos sin restricción en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegación de servicio o modificar datos a trav... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
14 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-6316
https://notcve.org/view.php?id=CVE-2013-6316
22 Dec 2013 — IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. IBM Websphere Portal 7.0.0.x anteriores a 7.0.0.2 CF26, y 8.0.0.x anteriores a 8.0.0.1 CF09 no maneja apropiadamente cambios contenido-selección durante el renderizado ... • http://osvdb.org/101270 • CWE-264: Permissions, Privileges, and Access Controls •