CVE-2014-4840
https://notcve.org/view.php?id=CVE-2014-4840
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.
• http://secunia.com/advisories/61056
• http://www-01.ibm.com/support/docview.wss?uid=swg21686230
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95636
• CWE-20: Improper Input Validation
CVE-2013-6726
https://notcve.org/view.php?id=CVE-2013-6726
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg21671968
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89281
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4003
https://notcve.org/view.php?id=CVE-2013-4003
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp.
• http://www-01.ibm.com/support/docview.wss?uid=swg21646694
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85266
• https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_tririga_application_platform_has_potential_cross_site_scripting_vulnerabilities_in_various_url_s
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5950
https://notcve.org/view.php?id=CVE-2012-5950
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.
• http://www-01.ibm.com/support/docview.wss?uid=swg21628849
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80630
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2012-5949
https://notcve.org/view.php?id=CVE-2012-5949
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.
• http://www-01.ibm.com/support/docview.wss?uid=swg21628851
• http://www-01.ibm.com/support/docview.wss?uid=swg21628852
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80629
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')