CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4801 CVE-2016-6072 79 XSS 2017-02-01 2017-02-09
3.5
None Remote Medium ??? None Partial None
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4802 CVE-2016-6061 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4803 CVE-2016-6056 79 XSS 2017-03-27 2017-03-29
3.5
None Remote Medium ??? None Partial None
IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442.
4804 CVE-2016-6055 79 XSS 2017-02-23 2017-02-24
3.5
None Remote Medium ??? None Partial None
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515.
4805 CVE-2016-6054 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4806 CVE-2016-6047 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4807 CVE-2016-6046 79 XSS 2017-02-01 2017-02-09
3.5
None Remote Medium ??? None Partial None
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4808 CVE-2016-6039 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4809 CVE-2016-6037 79 Exec Code XSS 2017-05-10 2017-05-15
3.5
None Remote Medium ??? None Partial None
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.
4810 CVE-2016-6036 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
4811 CVE-2016-6035 79 XSS 2017-05-10 2017-05-15
3.5
None Remote Medium ??? None Partial None
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.
4812 CVE-2016-6032 79 XSS 2017-02-08 2017-02-15
3.5
None Remote Medium ??? None Partial None
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4813 CVE-2016-6031 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
4814 CVE-2016-6030 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4815 CVE-2016-6022 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
4816 CVE-2016-6021 79 XSS 2017-08-14 2017-08-20
3.5
None Remote Medium ??? None Partial None
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.
4817 CVE-2016-6019 79 XSS 2017-07-13 2017-07-19
3.5
None Remote Medium ??? None Partial None
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739.
4818 CVE-2016-6001 918 2017-02-01 2017-02-15
3.5
None Remote Medium ??? Partial None None
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
4819 CVE-2016-5981 79 XSS 2016-11-25 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4820 CVE-2016-5980 79 XSS 2017-02-01 2017-02-09
3.5
None Remote Medium ??? None Partial None
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4821 CVE-2016-5978 79 XSS 2016-09-26 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
4822 CVE-2016-5975 79 XSS 2016-09-26 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978.
4823 CVE-2016-5974 79 XSS 2016-09-26 2016-09-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
4824 CVE-2016-5955 79 XSS 2016-11-25 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4825 CVE-2016-5951 79 XSS 2017-02-01 2017-02-08
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4826 CVE-2016-5948 79 XSS 2017-02-01 2017-02-09
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4827 CVE-2016-5947 20 2016-09-26 2016-11-28
3.5
None Remote Medium ??? None Partial None
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
4828 CVE-2016-5944 79 XSS 2016-09-26 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
4829 CVE-2016-5942 79 XSS 2017-02-01 2017-02-05
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4830 CVE-2016-5941 22 Dir. Trav. 2017-02-01 2017-02-05
3.5
None Remote Medium ??? Partial None None
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
4831 CVE-2016-5940 79 XSS 2017-02-01 2017-02-05
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4832 CVE-2016-5932 79 XSS 2017-03-01 2017-03-03
3.5
None Remote Medium ??? None Partial None
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
4833 CVE-2016-5920 79 XSS 2016-10-29 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4834 CVE-2016-5905 79 XSS 2016-11-30 2016-11-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4835 CVE-2016-5901 79 XSS 2016-10-05 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4836 CVE-2016-5899 79 XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4837 CVE-2016-5897 79 Exec Code XSS 2017-02-01 2017-02-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
4838 CVE-2016-5892 79 XSS 2016-10-05 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4839 CVE-2016-5890 255 2016-11-30 2016-12-03
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
4840 CVE-2016-5888 79 XSS 2017-05-10 2017-05-15
3.5
None Remote Medium ??? None Partial None
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084.
4841 CVE-2016-5880 79 XSS 2017-02-01 2017-07-28
3.5
None Remote Medium ??? None Partial None
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4842 CVE-2016-5850 79 XSS 2016-07-12 2016-07-14
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4843 CVE-2016-5710 1021 2020-02-11 2020-02-13
3.5
None Remote Medium ??? None Partial None
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
4844 CVE-2016-5642 79 XSS 2017-04-10 2017-04-14
3.5
None Remote Medium ??? None Partial None
Opmantek NMIS before 8.5.12G has XSS via SNMP.
4845 CVE-2016-5618 200 +Info 2016-10-25 2017-07-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
4846 CVE-2016-5604 284 2016-10-25 2017-07-29
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563.
4847 CVE-2016-5602 200 +Info 2016-10-25 2017-07-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
4848 CVE-2016-5601 284 2016-10-25 2018-10-30
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components.
4849 CVE-2016-5584 200 +Info 2016-10-25 2019-03-04
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
4850 CVE-2016-5540 254 2016-10-25 2016-11-28
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.