CVSS: 4.3EPSS: 1%CPEs: 25EXPL: 0CVE-2009-0856
https://notcve.org/view.php?id=CVE-2009-0856
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Varias vulnerabilidades de tipo Cross-Site Scripting (XSS) en aplicaciones de muestra en IBM WebSphere Application Server (WAS) versión 6.0.2 anteriores a 6.0.2.35, y versión 6.1 anterior a 6.1.0.23 en z/OS, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://securitytracker.com/id?1021811 http://www-01.ibm.com/support/docview.wss?uid=swg1PK76720 http://www-01.ibm.com/support/docview.wss?uid=swg1PK81212 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/34001 http://www.vupen.com/english/advisories/2009/0607 http://www.vupen.com/english/advisories/2009/1464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0506
https://notcve.org/view.php?id=CVE-2009-0506
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. Vulnerabilidad sin especificar en IBM WebSphere Application Server (WAS) v5.1 y v6.0.2 anterior a v6.0.2.33 sobre z/OS, cuando está activado CSIv2 Identity Assertion y la interacción de Enterprise JavaBeans (EJB) ocurre entre una instancia de WAS v6.1 y WAS pre-6.1, permite a usuarios locales tener un impacto desconocido a través de vectores relacionados con (1) un uso del sujeto erróneo y (2)múltiples comprobaciones CBIND. • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143 http://www.securityfocus.com/bid/33884 https://exchange.xforce.ibmcloud.com/vulnerabilities/48886 •