CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7460
https://notcve.org/view.php?id=CVE-2015-7460
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108356. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7458
https://notcve.org/view.php?id=CVE-2015-7458
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108354. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7459
https://notcve.org/view.php?id=CVE-2015-7459
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108355. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7461
https://notcve.org/view.php?id=CVE-2015-7461
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. Vulnerabilidad de XEE (XML External Entity) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite que usuarios autenticados remotos provoquen una denegación de servicio (consumo de memoria) mediante datos XML manipulados. IBM X-Force ID: 108357. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108357 • CWE-399: Resource Management Errors CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1682
https://notcve.org/view.php?id=CVE-2017-1682
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004. IBM Connections 4.0, 4.5, 5.0, 5.5 y 6.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012900 https://exchange.xforce.ibmcloud.com/vulnerabilities/134004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •