CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities Published In 2011 (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-4708 79 XSS 2011-12-08 2012-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2 CVE-2011-4465 79 XSS 2011-11-18 2012-02-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
3 CVE-2011-4171 79 XSS 2011-10-24 2011-10-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp.
4 CVE-2011-3576 79 XSS 2011-09-19 2011-09-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
5 CVE-2011-3390 79 XSS 2011-09-06 2011-09-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
6 CVE-2011-2754 79 XSS 2011-07-17 2011-07-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7 CVE-2011-2679 79 XSS 2011-07-07 2011-09-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2011-2607 79 XSS 2011-06-30 2011-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513.
9 CVE-2011-2606 79 XSS 2011-06-30 2011-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.
10 CVE-2011-2172 79 XSS 2011-05-26 2011-06-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11 CVE-2011-1558 79 XSS 2011-04-05 2011-04-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
12 CVE-2011-1371 79 XSS 2011-10-27 2012-04-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171.
13 CVE-2011-1360 79 XSS 2011-10-27 2012-02-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.
14 CVE-2011-1357 79 XSS 2011-08-11 2012-01-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
15 CVE-2011-1308 79 XSS 2011-03-08 2011-03-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
16 CVE-2011-1106 79 XSS 2011-03-01 2011-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.
17 CVE-2011-1038 79 XSS 2011-02-22 2011-09-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
18 CVE-2011-1034 79 XSS 2011-02-15 2011-02-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information.
19 CVE-2011-1030 79 XSS 2011-02-14 2011-02-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."
20 CVE-2011-1029 79 XSS 2011-02-14 2011-02-15
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
21 CVE-2011-0486 79 XSS 2011-01-18 2011-01-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo parameter.
22 CVE-2011-0315 79 XSS 2011-01-11 2011-03-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application.
23 CVE-2009-2748 79 XSS 2011-10-30 2012-03-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.