Page 9 of 54 results (0.020 seconds)

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el portal de procesos en IBM Business Process Manager (BPM) 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50162 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50607 http://www-01.ibm.com/support/docview.wss?uid=swg21694937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. Vulnerabilidad XSS en Process Portal en IBM Business Process Manager 8.0 a través de 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8913. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a través 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Inspector de Procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241 http://www-01.ibm.com/support/docview.wss?uid=swg21690553 https://exchange.xforce.ibmcloud.com/vulnerabilities/98418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. La funcionalidad import/export en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados evadir las restricciones de acceso a través de una acción de proyecto para (1) una aplicación de proyecto o (2) una caja de herramientas. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286 http://www.ibm.com/support/docview.wss?uid=swg21690554 https://exchange.xforce.ibmcloud.com/vulnerabilities/95724 • CWE-264: Permissions, Privileges, and Access Controls •