CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
22 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permit... • http://osvdb.org/101269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 26EXPL: 2CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
22 Dec 2013 — IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permit... • https://packetstorm.news/files/id/124611 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
16 Nov 2013 — IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5378
https://notcve.org/view.php?id=CVE-2013-5378
13 Nov 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. Vulnerabilidad de XSS en IBM WebSphere Portal 8.x anterior a la versión 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de integraciones incorrectas de IBM Connections. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5379
https://notcve.org/view.php?id=CVE-2013-5379
13 Nov 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. Vulnerabilidad de XSS en IBM WebSphere Portal 7.x anterior a la versión 7.0.0.2 CF25 y 8.x anterior a 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de una funcionalidad de etiquetado inapropiada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2013-0587
https://notcve.org/view.php?id=CVE-2013-0587
16 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0CVE-2013-2950
https://notcve.org/view.php?id=CVE-2013-2950
03 Jun 2013 — CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en IBM WebSphere Portal v6.1.0.x anterior a v6.1.0.3 CF26, v6.1.5.x anterior a v6.1.5 CF26, v7.0.0.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2013-0549
https://notcve.org/view.php?id=CVE-2013-0549
03 Jun 2013 — Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad Cross-site scripting (XSS) en Web Content Manager - Web Content Viewer Portlet en el servidor IBM WebSphere Portal v7.0.0.x hasta v7.0.0.2 CF22 y v8.0.0.x hasta v8.0.0.1 CF5, cuando se... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •