CVSS: 4.8EPSS: 0%CPEs: 17EXPL: 2CVE-2017-14651
https://notcve.org/view.php?id=CVE-2017-14651
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2 Data Analytics Server 3.1.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en carbon/resources/add_collection_ajaxprocessor.jsp mediante los parámetros collectionName o parentPath. • https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 https://github.com/cybersecurityworks/Disclosed/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4592
https://notcve.org/view.php?id=CVE-2012-4592
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Portal en McAfee Enterprise Mobility Manager (EMM) anteriores a v10.0 no fija el "flag" de seguridad para la cookie de sesión para ASP.NET en una sesión https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisión en la sesión http. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78220 https://kc.mcafee.com/corporate/index?page=content&id=SB10022 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4589
https://notcve.org/view.php?id=CVE-2012-4589
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Login.aspx en Portal en McAfee Enterprise Mobility Manager (EMM) anteriores a v10.0 no tiene un atributo de autocompletar los campos de formulario no especificados, lo que hace que facilita a los atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo no atendida. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78223 https://kc.mcafee.com/corporate/index?page=content&id=SB10022 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4591
https://notcve.org/view.php?id=CVE-2012-4591
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. About.aspx en el Portal de McAfee Enterprise Mobility Manager (EMM) anterior a v10,0 comunica el nombre de la cuenta de usuario para un proceso de trabajo de IIS, lo que permite a atacantes remotos obtener información sensible visitando esa página. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78221 https://kc.mcafee.com/corporate/index?page=content&id=SB10022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4590
https://notcve.org/view.php?id=CVE-2012-4590
Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en About.aspx en Portal en McAfee Enterprise Mobility Manager (EMM) anteriores a v10.0, podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML a través de las variables (1) User Agent o (2) Connection. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78222 https://kc.mcafee.com/corporate/index?page=content&id=SB10022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •