Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0139 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-6215 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-0953 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2013-6722 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 5.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. | |||||
CVE-2014-0855 | 1 Ibm | 2 Connections Portlets, Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-4792 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. | |||||
CVE-2015-0177 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-0956 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-6171 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-3102 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-3056 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2024-02-04 | 5.0 MEDIUM | N/A |
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. | |||||
CVE-2014-3054 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2015-1886 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 7.8 HIGH | N/A |
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | |||||
CVE-2014-8909 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-6214 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2014-4746 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests. | |||||
CVE-2014-3055 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-1908 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-4761 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
CVE-2014-0959 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. |