CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-0390 79 XSS 2016-05-14 2016-05-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
2 CVE-2016-0283 79 XSS 2016-03-19 2016-03-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
3 CVE-2016-0262 79 XSS 2016-03-13 2016-03-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
4 CVE-2016-0244 79 XSS 2016-02-29 2016-03-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
5 CVE-2016-0243 79 XSS 2016-02-29 2016-03-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
6 CVE-2016-0227 79 XSS 2016-03-03 2016-03-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
7 CVE-2016-0209 79 XSS 2016-01-27 2016-01-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2015-8531 79 XSS 2016-02-14 2016-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
9 CVE-2015-8524 79 XSS 2016-02-29 2016-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
10 CVE-2015-7492 79 XSS 2016-02-14 2016-03-09
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
11 CVE-2015-7491 79 XSS 2016-02-29 2016-03-02
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
12 CVE-2015-7467 79 XSS 2016-01-17 2016-01-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
13 CVE-2015-7465 352 XSS CSRF 2016-01-09 2016-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
14 CVE-2015-7457 79 XSS 2016-02-29 2016-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
15 CVE-2015-7451 79 XSS 2016-01-02 2016-01-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
16 CVE-2015-7446 352 XSS CSRF 2016-03-12 2016-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
17 CVE-2015-7439 79 XSS 2016-01-27 2016-01-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
18 CVE-2015-7431 79 XSS 2016-01-02 2016-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
19 CVE-2015-7417 79 XSS 2016-01-23 2016-01-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
20 CVE-2015-7415 79 XSS 2016-01-01 2016-01-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
21 CVE-2015-7414 79 XSS 2016-01-17 2016-01-20
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
22 CVE-2015-7413 79 XSS 2015-12-21 2015-12-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
23 CVE-2015-7409 79 XSS 2016-01-01 2016-01-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
24 CVE-2015-7407 352 XSS CSRF 2016-01-02 2016-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
25 CVE-2015-7402 79 XSS 2016-01-02 2016-01-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
26 CVE-2015-7398 79 XSS 2016-02-14 2016-02-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
27 CVE-2015-5050 352 XSS CSRF 2016-02-14 2016-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
28 CVE-2015-5037 352 XSS CSRF 2016-01-03 2016-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
29 CVE-2015-5036 79 XSS 2016-01-03 2016-01-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035.
30 CVE-2015-5035 79 XSS 2016-01-03 2016-01-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036.
31 CVE-2015-5009 79 XSS 2016-01-18 2016-01-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
32 CVE-2015-5008 79 XSS 2016-01-18 2016-01-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
33 CVE-2015-5007 352 XSS CSRF 2016-01-14 2016-01-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
34 CVE-2015-5002 79 XSS 2016-01-18 2016-01-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
35 CVE-2015-4998 79 XSS 2015-12-21 2015-12-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.
36 CVE-2015-4993 79 XSS 2015-12-21 2015-12-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
37 CVE-2015-4973 79 XSS 2015-10-05 2015-10-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
38 CVE-2015-4971 79 XSS 2015-10-05 2015-10-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
39 CVE-2015-4959 79 XSS 2016-01-18 2016-01-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
40 CVE-2015-4957 79 XSS 2016-02-14 2016-02-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
41 CVE-2015-4955 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
42 CVE-2015-4944 79 XSS 2015-10-05 2015-10-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
43 CVE-2015-4939 79 XSS 2015-10-05 2015-10-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
44 CVE-2015-2031 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
45 CVE-2015-2026 352 XSS CSRF 2015-10-03 2015-10-05
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
46 CVE-2015-2015 79 XSS 2015-08-22 2015-08-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.
47 CVE-2015-2014 XSS 2015-08-22 2015-08-24
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.
48 CVE-2015-1997 352 XSS CSRF 2015-11-08 2015-11-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
49 CVE-2015-1995 79 XSS 2015-11-08 2015-11-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
50 CVE-2015-1988 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Total number of vulnerabilities : 506   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.