292 matches found
CVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Cross site scripting
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Design/Logic Flaw
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915...
IBM Curam Social Program Management Elevation of Privilege Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. An elevation of privilege vulnerability exists in IBM Curam SPM. A remote attacker could exploit this vulnerability to...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-25505)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker can exploit this vulnerability to inject...
CVE-2017-1110
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915...
CVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2017-1110
CVE-2017-1110 affects IBM Cúram Social Program Management (SPM) across multiple VMF versions (7.0.0.0–7.0.0.1; 6.2.0.0–6.2.0.4; 6.1.1.0–6.1.1.4; 6.1.0.0–6.1.0.4; 6.0.5.0–6.0.5.10; 6.0.4.0–6.0.4.9). An authenticated user could view the incidents of a higher-privileged user; the vulnerability is un...
CVE-2016-9732
IBM Cúram SPM (CVE-2016-9732) is vulnerable to Cross-Site Scripting in the Web UI. Affected versions include 6.0.0.4–6.0.5.x, 6.1.x (up to 6.1.1.x), 6.2.x (up to 6.2.0.4), and 7.0.0.0. The root cause is a reflected/stored XSS vulnerability allowing arbitrary JavaScript in the UI, potentially lead...
IBM Curam Social Program Management Remote Code Injection Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A remote code injection vulnerability exists in IBM Curam SPM. An attacker could exploit this vulnerability to inject or...
Code injection
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
CVE-2014-8903
CVE-2014-8903 affects IBM Cúram Social Program Management (versions 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10, and 6.0.5 before 6.0.5.6). Root cause: Java reflection attack where external input specifies a class name, allowing remote authenticated users to load arbitrary Java classes. Impac...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-16024)
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site scripting vulnerability exists in IBM Curam Social Program Management, which can be exploited by an attacke...
Cross site scripting
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...