5 results (0.051 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el componente de marcadores en IBM Lotus Connections v4.0 antes CR3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182 http://www-01.ibm.com/support/docview.wss?uid=swg21634538 https://exchange.xforce.ibmcloud.com/vulnerabilities/82265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en Lotus Connections 2.x anterior a v2.0.1 de IBM permiten a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro sortField a componentes no especificados. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46212 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections 2.x anterior a v2.0.1 de IBM permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante 1) the community title, (2) API input, y vectores relacionados con (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities y (8) Global Search components. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46210 https://exchange.xforce.ibmcloud.com/vulnerabilities/46211 https://exchange.xforce.ibmcloud.com/vulnerabilities/46215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Lotus Connections 2.x anterior a v2.0.1 de IBM almacena la contraseña para el usuario administrador en el archivo trace.log, lo que permite a usuarios locales obtner información sensible leyendo este archivo. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46213 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Lotus Connections 2.x anterior a v2.0.1 de IBM permite a atacantes descubrir contraseñas mediante vectores no especificados. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46216 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •