CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
22 Mar 2023 — IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
03 Feb 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43917 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-43917
25 Jan 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-40750 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2022-40750
11 Nov 2022 — IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
13 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22477
https://notcve.org/view.php?id=CVE-2022-22477
14 Jul 2022 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. IBM WebSphere Application Server versiones 8.5 y 9.0 es vulnerable al cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38951
https://notcve.org/view.php?id=CVE-2021-38951
09 Dec 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada por el envío de una petición especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para causa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/211405 •
CVSS: 6.5EPSS: 22%CPEs: 72EXPL: 1CVE-2021-41182 – XSS in the `altField` option of the Datepicker widget
https://notcve.org/view.php?id=CVE-2021-41182
26 Oct 2021 — jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 54EXPL: 1CVE-2021-41183 – XSS in `*Text` options of the Datepicker widget
https://notcve.org/view.php?id=CVE-2021-41183
26 Oct 2021 — jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •