CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0883 – IBM Power Hardware Management Console cross-site scripting
https://notcve.org/view.php?id=CVE-2014-0883
20 Apr 2018 — IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyec... • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-3296
https://notcve.org/view.php?id=CVE-2012-3296
17 Aug 2012 — Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el enlace de Ayuda en el panel de inicio de sesión en IBM Power Hardware Management Console (HMC) v7R7.1.0 antes SP4, v7R7.2.0 antes de SP2 y 7R7.3.0 permite a atacantes remoto... • http://secunia.com/advisories/50376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2188
https://notcve.org/view.php?id=CVE-2012-2188
06 Aug 2012 — IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. IBM Power Hardware Management Console (HMC) v7R3.5.0 anteriores a vSP4, v7R7.1.0 y 7R7.2.0 anteriores a v7R7.2.0 SP3, y 7R7.3.0 anteriores a S... • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825 • CWE-264: Permissions, Privileges, and Access Controls •