CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4555
https://notcve.org/view.php?id=CVE-2020-4555
21 Dec 2020 — IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. IBM Financial Transaction Manager versiones 3.0.6 y 3.1.0, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 183328 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183328 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8917
https://notcve.org/view.php?id=CVE-2014-8917
28 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (tamb... • http://secunia.com/advisories/62590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •