| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1951 |
79 |
|
XSS |
2019-01-04 |
2019-01-11 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. |
|
2 |
CVE-2018-1900 |
79 |
|
XSS |
2018-12-11 |
2018-12-31 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. |
|
3 |
CVE-2018-1896 |
74 |
|
|
2018-12-07 |
2018-12-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. |
|
4 |
CVE-2018-1891 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082. |
|
5 |
CVE-2018-1889 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080. |
|
6 |
CVE-2018-1872 |
79 |
|
XSS |
2018-11-09 |
2018-12-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. |
|
7 |
CVE-2018-1871 |
79 |
|
XSS |
2018-12-06 |
2018-12-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. |
|
8 |
CVE-2018-1842 |
347 |
|
Bypass |
2018-11-08 |
2018-12-12 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. |
|
9 |
CVE-2018-1833 |
20 |
|
|
2018-12-18 |
2019-01-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507. |
|
10 |
CVE-2018-1820 |
79 |
|
XSS |
2018-09-27 |
2018-11-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. |
|
11 |
CVE-2018-1812 |
79 |
|
XSS |
2018-10-05 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web browser within the security context of the hosting Web site, once victim opens a certain page in Control Room. IBM X-Force ID: 149883. |
|
12 |
CVE-2018-1799 |
20 |
|
|
2018-11-08 |
2018-12-12 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. |
|
13 |
CVE-2018-1777 |
79 |
|
XSS |
2018-10-16 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800. |
|
14 |
CVE-2018-1772 |
79 |
|
XSS |
2019-01-15 |
2019-01-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148689. |
|
15 |
CVE-2018-1766 |
79 |
|
XSS |
2018-10-29 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620. |
|
16 |
CVE-2018-1762 |
79 |
|
XSS |
2018-11-29 |
2018-12-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616. |
|
17 |
CVE-2018-1740 |
79 |
|
XSS |
2018-12-13 |
2019-01-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419. |
|
18 |
CVE-2018-1728 |
79 |
|
XSS |
2018-12-05 |
2018-12-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707. |
|
19 |
CVE-2018-1715 |
79 |
|
XSS |
2018-08-16 |
2018-10-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. |
|
20 |
CVE-2018-1706 |
79 |
|
XSS |
2018-10-11 |
2018-11-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341. |
|
21 |
CVE-2018-1692 |
79 |
|
XSS |
2018-10-02 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583. |
|
22 |
CVE-2018-1691 |
79 |
|
XSS |
2018-10-02 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582. |
|
23 |
CVE-2018-1690 |
79 |
|
XSS |
2018-08-07 |
2018-10-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510. |
|
24 |
CVE-2018-1686 |
79 |
|
XSS |
2018-10-05 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505. |
|
25 |
CVE-2018-1667 |
79 |
|
XSS |
2018-12-13 |
2019-01-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893. |
|
26 |
CVE-2018-1660 |
79 |
|
XSS |
2018-09-27 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. |
|
27 |
CVE-2018-1659 |
79 |
|
XSS |
2018-09-25 |
2018-11-13 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885. |
|
28 |
CVE-2018-1657 |
79 |
|
XSS |
2019-01-04 |
2019-01-11 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883. |
|
29 |
CVE-2018-1653 |
79 |
|
XSS |
2018-12-13 |
2019-01-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726. |
|
30 |
CVE-2018-1610 |
79 |
|
XSS |
2018-09-26 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931. |
|
31 |
CVE-2018-1605 |
79 |
|
XSS |
2018-10-02 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143795. |
|
32 |
CVE-2018-1604 |
79 |
|
XSS |
2018-10-04 |
2018-11-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794. |
|
33 |
CVE-2018-1603 |
79 |
|
XSS |
2018-10-04 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793. |
|
34 |
CVE-2018-1602 |
79 |
|
XSS |
2018-10-04 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792. |
|
35 |
CVE-2018-1601 |
79 |
|
XSS |
2018-10-02 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143791. |
|
36 |
CVE-2018-1599 |
20 |
|
|
2018-08-22 |
2018-10-31 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744. |
|
37 |
CVE-2018-1585 |
79 |
|
XSS |
2018-07-19 |
2018-09-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498. |
|
38 |
CVE-2018-1584 |
79 |
|
XSS |
2018-11-28 |
2018-12-31 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497. |
|
39 |
CVE-2018-1560 |
79 |
|
XSS |
2018-09-25 |
2018-11-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958. |
|
40 |
CVE-2018-1558 |
79 |
|
XSS |
2018-10-02 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956. |
|
41 |
CVE-2018-1557 |
79 |
|
XSS |
2018-10-02 |
2018-11-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142955. |
|
42 |
CVE-2018-1556 |
79 |
|
XSS |
2018-07-06 |
2018-08-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893. |
|
43 |
CVE-2018-1555 |
79 |
|
XSS |
2018-07-06 |
2018-08-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. |
|
44 |
CVE-2018-1554 |
79 |
|
XSS |
2018-08-02 |
2018-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891. |
|
45 |
CVE-2018-1541 |
79 |
|
XSS |
2018-10-24 |
2018-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596. |
|
46 |
CVE-2018-1536 |
79 |
|
XSS |
2018-07-19 |
2018-09-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558. |
|
47 |
CVE-2018-1535 |
79 |
|
XSS |
2018-07-19 |
2018-09-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557. |
|
48 |
CVE-2018-1534 |
79 |
|
XSS |
2018-10-12 |
2018-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432. |
|
49 |
CVE-2018-1533 |
79 |
|
XSS |
2018-10-12 |
2018-11-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431. |
|
50 |
CVE-2018-1529 |
79 |
|
XSS |
2018-07-19 |
2018-09-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291. |
