Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5378 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. | |||||
| CVE-2013-4012 | 1 Ibm | 2 Content Template Catalog, Websphere Portal | 2017-08-28 | 4.9 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2013-0549 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-0587 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. | |||||
| CVE-2013-2950 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 3.5 LOW | N/A |
| CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2013-6723 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. | |||||
| CVE-2013-5379 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. | |||||
| CVE-2012-2181 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2011-2172 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2173 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.0 MEDIUM | N/A |
| The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. | |||||
| CVE-2011-0679 | 1 Ibm | 1 Websphere Portal | 2017-08-16 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." | |||||
| CVE-2010-1348 | 1 Ibm | 1 Websphere Portal | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. | |||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2017-08-07 | 7.5 HIGH | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
| CVE-2017-1303 | 1 Ibm | 1 Websphere Portal | 2017-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. | |||||
| CVE-2017-1120 | 1 Ibm | 1 Websphere Portal | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. | |||||
| CVE-2017-1217 | 1 Ibm | 1 Websphere Portal | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857 | |||||
| CVE-2016-8922 | 1 Ibm | 2 Web Content Manager Production Analytics, Websphere Portal | 2017-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-0245 | 1 Ibm | 1 Websphere Portal | 2017-02-18 | 5.5 MEDIUM | 5.4 MEDIUM |
| The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8912 | 1 Ibm | 1 Websphere Portal | 2016-12-23 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | |||||
| CVE-2015-1943 | 1 Ibm | 1 Websphere Portal | 2016-12-21 | 7.8 HIGH | N/A |
| IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | |||||