CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2020-4933 79 XSS 2021-02-18 2021-02-22
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.
1502 CVE-2020-4916 79 XSS 2021-01-04 2021-01-05
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
1503 CVE-2020-4910 79 XSS 2021-01-04 2021-01-05
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
1504 CVE-2020-4909 79 XSS 2021-01-04 2021-01-05
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
1505 CVE-2020-4895 79 XSS 2021-01-07 2021-01-08
3.5
None Remote Medium ??? None Partial None
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
1506 CVE-2020-4892 79 XSS 2021-01-07 2021-01-13
3.5
None Remote Medium ??? None Partial None
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
1507 CVE-2020-4866 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
1508 CVE-2020-4865 79 XSS 2021-01-27 2021-01-29
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
1509 CVE-2020-4864 290 2020-10-29 2020-10-30
3.3
None Local Network Low Not required None Partial None
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.
1510 CVE-2020-4863 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
1511 CVE-2020-4857 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.
1512 CVE-2020-4856 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
1513 CVE-2020-4855 79 XSS 2021-01-27 2021-01-29
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
1514 CVE-2020-4845 79 XSS 2020-12-17 2020-12-17
3.5
None Remote Medium ??? None Partial None
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289.
1515 CVE-2020-4838 79 XSS 2021-01-12 2021-01-14
3.5
None Remote Medium ??? None Partial None
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.
1516 CVE-2020-4825 79 XSS 2021-02-04 2021-02-04
3.5
None Remote Medium ??? None Partial None
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.
1517 CVE-2020-4792 79 XSS 2021-04-05 2021-04-08
3.5
None Remote Medium ??? None Partial None
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.
1518 CVE-2020-4790 20 DoS 2021-02-09 2021-02-11
3.3
None Local Network Low Not required None None Partial
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.
1519 CVE-2020-4775 79 XSS 2020-10-12 2020-10-16
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.
1520 CVE-2020-4768 79 XSS 2021-02-11 2021-02-12
3.5
None Remote Medium ??? None Partial None
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.
1521 CVE-2020-4757 79 XSS 2020-12-21 2020-12-22
3.5
None Remote Medium ??? None Partial None
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.
1522 CVE-2020-4755 79 XSS 2020-10-20 2020-10-20
3.5
None Remote Medium ??? None Partial None
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
1523 CVE-2020-4741 79 XSS 2020-10-12 2020-10-13
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197.
1524 CVE-2020-4733 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
1525 CVE-2020-4725 2021-03-02 2021-03-08
3.5
None Remote Medium ??? None Partial None
IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.
1526 CVE-2020-4718 79 XSS 2020-11-19 2020-11-30
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.
1527 CVE-2020-4705 79 XSS 2020-11-16 2020-11-23
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.
1528 CVE-2020-4702 79 XSS 2020-09-04 2020-09-09
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.
1529 CVE-2020-4698 79 XSS 2020-09-08 2020-09-10
3.5
None Remote Medium ??? None Partial None
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.
1530 CVE-2020-4697 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
1531 CVE-2020-4691 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
1532 CVE-2020-4681 79 XSS 2020-10-12 2020-10-13
3.5
None Remote Medium ??? None Partial None
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.
1533 CVE-2020-4680 79 XSS 2020-10-12 2020-10-13
3.5
None Remote Medium ??? None Partial None
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426.
1534 CVE-2020-4679 79 XSS 2020-10-12 2020-10-13
3.5
None Remote Medium ??? None Partial None
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424.
1535 CVE-2020-4672 79 XSS 2020-11-16 2020-11-23
3.5
None Remote Medium ??? None Partial None
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.
1536 CVE-2020-4666 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281.
1537 CVE-2020-4664 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235.
1538 CVE-2020-4663 79 XSS 2021-01-08 2021-01-11
3.5
None Remote Medium ??? None Partial None
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.
1539 CVE-2020-4645 79 XSS 2020-07-29 2020-07-30
3.5
None Remote Medium ??? None Partial None
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
1540 CVE-2020-4640 200 +Info 2021-02-04 2021-02-04
3.8
None Local Network Medium ??? Partial Partial None
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
1541 CVE-2020-4615 79 XSS 2020-09-22 2020-09-22
3.5
None Remote Medium ??? None Partial None
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.
1542 CVE-2020-4606 611 2021-01-08 2021-01-12
3.6
None Local Low Not required Partial None Partial
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.
1543 CVE-2020-4592 2020-11-18 2020-12-01
3.5
None Remote Medium ??? None Partial None
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
1544 CVE-2020-4578 79 XSS 2020-09-10 2020-09-11
3.5
None Remote Medium ??? None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.
1545 CVE-2020-4564 79 XSS 2020-10-20 2020-10-22
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933.
1546 CVE-2020-4557 79 XSS 2020-06-29 2020-07-08
3.5
None Remote Medium ??? None Partial None
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.
1547 CVE-2020-4547 1021 2021-01-27 2021-01-29
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
1548 CVE-2020-4546 79 XSS 2020-09-02 2020-09-08
3.5
None Remote Medium ??? None Partial None
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
1549 CVE-2020-4542 79 XSS 2020-08-04 2020-08-05
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046.
1550 CVE-2020-4535 79 XSS 2021-05-11 2021-05-14
3.5
None Remote Medium ??? None Partial None
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.