15 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 89EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securitytracker.com/id/1041845 https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 https://www.ibm.com/support/docview.wss?uid=ibm10731155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 79EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría fracasar a la hora de establecer el contexto de usuario correcto en ciertos escenarios de suplantación, lo que puede permitir que un usuario actúe con la identidad de otro usuario. IBM X-Force ID: 144958. • http://www.securitytracker.com/id/1041766 https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 https://www.ibm.com/support/docview.wss?uid=ibm10716981 • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 78EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 restablece las opciones de control de acceso a su configuración de fábrica durante la instalación Combined Cumulative Fix (CF). Esto puede conducir a una mala configuración del seguridad de la instalación. • http://www.securitytracker.com/id/1041767 https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 https://www.ibm.com/support/docview.wss?uid=swg22014276 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. IBM WebSphere Portal 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securitytracker.com/id/1041751 https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 https://www.ibm.com/support/docview.wss?uid=ibm10732287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 89EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/105446 http://www.securitytracker.com/id/1041755 https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 https://www.ibm.com/support/docview.wss?uid=ibm10715923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •