2 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (también conocido como upload.swf), (2) dojox/form/resources/fileuploader.swf (también conocido como fileupload.swf), (3) dojox/av/resources/audio.swf, y (4) dojox/av/resources/video.swf en el juego de herramientas de IBM Dojo, utilizado en IBM Social Media Analytics 1.3 anterior a IF11 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62590 http://secunia.com/advisories/62837 http://www-01.ibm.com/support/docview.wss?uid=swg21694693 http://www-01.ibm.com/support/docview.wss?uid=swg21696013 http://www.securityfocus.com/bid/72903 http://www.securitytracker.com/id/1032376 https://exchange.xforce.ibmcloud.com/vulnerabilities/99303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. Vulnerabilidad de salto de directorio en la implementación de table-export en el componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 y 2.1 anterior a 2.1.0.1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de una ruta modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21662714 https://exchange.xforce.ibmcloud.com/vulnerabilities/90584 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •