2 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Content Template Catalog 4.x en versiones anteriores a 4.1.4 para WebSphere Portal 8.0.x y 4.x en versiones anteriores a 4.3.1 para WebSphere Portal 8.5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21958969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalación de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 • CWE-264: Permissions, Privileges, and Access Controls •