Page 9 of 75 results (0.006 seconds)

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.0 hasta 7.0.0.2 CF28 y 8.0.0 anterior a 8.0.0.1 CF13 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, y 8.0.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/92626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 anterior a 8.0.0.1 CF13, y 8.5.0 anterior a CF01 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://secunia.com/advisories/60597 http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94657 •

CVSS: 5.8EPSS: 0%CPEs: 44EXPL: 0

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93528 •

CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0

SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •