CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1348 79 XSS 2017-06-23 2017-06-26
3.5
None Remote Medium Single system None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.
2 CVE-2017-1325 79 XSS 2017-05-26 2017-07-07
4.3
None Remote Medium Not required None Partial None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
3 CVE-2017-1321 79 XSS 2017-07-12 2017-07-17
4.3
None Remote Medium Not required None Partial None
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.
4 CVE-2017-1320 79 XSS 2017-05-22 2017-07-07
3.5
None Remote Medium Single system None Partial None
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732.
5 CVE-2017-1305 79 XSS 2017-06-07 2017-06-14
3.5
None Remote Medium Single system None Partial None
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459.
6 CVE-2017-1291 79 XSS Http R.Spl. +Info 2017-05-26 2017-05-31
3.5
None Remote Medium Single system None Partial None
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
7 CVE-2017-1282 79 XSS 2017-05-22 2017-06-01
3.5
None Remote Medium Single system None Partial None
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.
8 CVE-2017-1278 79 Exec Code XSS 2017-06-12 2017-06-16
3.5
None Remote Medium Single system None Partial None
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.
9 CVE-2017-1276 79 XSS 2017-06-12 2017-06-16
3.5
None Remote Medium Single system None Partial None
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.
10 CVE-2017-1256 79 XSS 2017-07-05 2017-07-10
4.3
None Remote Medium Not required None Partial None
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678
11 CVE-2017-1247 79 XSS 2017-06-12 2017-06-16
3.5
None Remote Medium Single system None Partial None
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.
12 CVE-2017-1234 79 XSS 2017-06-27 2017-06-30
3.5
None Remote Medium Single system None Partial None
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.
13 CVE-2017-1217 79 XSS 2017-07-05 2017-07-10
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857
14 CVE-2017-1208 79 XSS 2017-07-05 2017-07-19
3.5
None Remote Medium Single system None Partial None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778.
15 CVE-2017-1203 79 XSS 2017-07-19 2017-07-24
4.3
None Remote Medium Not required None Partial None
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.
16 CVE-2017-1178 79 XSS 2017-06-07 2017-06-14
4.3
None Remote Medium Not required None Partial None
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.
17 CVE-2017-1160 79 XSS 2017-04-17 2017-04-24
3.5
None Remote Medium Single system None Partial None
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
18 CVE-2017-1146 79 XSS 2017-03-20 2017-03-23
3.5
None Remote Medium Single system None Partial None
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.
19 CVE-2017-1140 79 XSS 2017-06-08 2017-06-13
3.5
None Remote Medium Single system None Partial None
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
20 CVE-2017-1133 79 XSS 2017-03-07 2017-03-31
3.5
None Remote Medium Single system None Partial None
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
21 CVE-2017-1132 79 XSS 2017-06-23 2017-06-26
3.5
None Remote Medium Single system None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.
22 CVE-2017-1128 79 XSS 2017-02-08 2017-02-15
3.5
None Remote Medium Single system None Partial None
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
23 CVE-2017-1127 79 XSS 2017-02-08 2017-02-15
3.5
None Remote Medium Single system None Partial None
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
24 CVE-2017-1121 79 XSS 2017-02-13 2017-02-28
3.5
None Remote Medium Single system None Partial None
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743
25 CVE-2017-1120 79 XSS 2017-03-27 2017-07-11
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
26 CVE-2017-1113 79 XSS 2017-07-05 2017-07-14
3.5
None Remote Medium Single system None Partial None
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151.
27 CVE-2017-1106 79 XSS 2017-06-28 2017-07-03
3.5
None Remote Medium Single system None Partial None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
28 CVE-2017-1104 79 XSS 2017-06-13 2017-07-07
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.
29 CVE-2017-1102 79 XSS 2017-06-13 2017-07-07
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.
30 CVE-2017-1101 79 XSS 2017-06-13 2017-07-07
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.
31 CVE-2017-1100 79 XSS 2017-06-13 2017-07-07
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.
32 CVE-2017-1096 79 XSS 2017-07-05 2017-07-14
3.5
None Remote Medium Single system None Partial None
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.
33 CVE-2016-9990 79 XSS 2017-03-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.
34 CVE-2016-9989 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.
35 CVE-2016-9988 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.
36 CVE-2016-9987 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
37 CVE-2016-9986 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552.
38 CVE-2016-9980 79 XSS 2017-04-20 2017-04-26
3.5
None Remote Medium Single system None Partial None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
39 CVE-2016-9979 79 XSS 2017-04-20 2017-04-26
3.5
None Remote Medium Single system None Partial None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
40 CVE-2016-9973 79 XSS 2017-06-13 2017-06-26
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
41 CVE-2016-9747 79 XSS 2017-06-22 2017-06-28
3.5
None Remote Medium Single system None Partial None
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
42 CVE-2016-9746 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.
43 CVE-2016-9737 79 XSS 2017-03-27 2017-03-29
3.5
None Remote Medium Single system None Partial None
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
44 CVE-2016-9733 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
45 CVE-2016-9731 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium Single system None Partial None
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
46 CVE-2016-9723 79 XSS 2017-03-07 2017-05-01
4.3
None Remote Medium Not required None Partial None
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
47 CVE-2016-9704 79 XSS 2017-02-01 2017-02-09
4.3
None Remote Medium Not required None Partial None
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
48 CVE-2016-9701 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium Single system None Partial None
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.
49 CVE-2016-9696 79 Exec Code XSS 2017-03-20 2017-03-23
3.5
None Remote Medium Single system None Partial None
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
50 CVE-2016-9694 79 XSS 2017-03-20 2017-03-23
3.5
None Remote Medium Single system None Partial None
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.
Total number of vulnerabilities : 687   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.