Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-12-19
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application.
Max CVSS
4.3
EPSS Score
0.29%
Published
2014-11-26
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-12-24
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-12-19
Updated
2017-09-08
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.0
EPSS Score
0.08%
Published
2014-12-29
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-12-18
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-10-28
Updated
2017-09-08
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-10-28
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.50%
Published
2014-10-31
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-11-18
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.29%
Published
2014-10-03
Updated
2017-09-08
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-12-18
Updated
2017-09-08
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.0
EPSS Score
0.08%
Published
2014-10-29
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.8
EPSS Score
0.13%
Published
2014-11-28
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.13%
Published
2014-10-19
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-09-18
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.0
EPSS Score
0.11%
Published
2014-09-23
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.0
EPSS Score
0.08%
Published
2014-09-10
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-09-10
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-08-12
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-07-26
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
5.0
EPSS Score
0.18%
Published
2014-10-13
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-08-17
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-07-26
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-08-26
Updated
2017-08-29
54 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!