18 matches found
EUVD-2018-12530
Malware in sbrugna...
EUVD-2017-10803
Malware in sbrugna...
EUVD-2020-25563
Malware in sbrugna...
CVE-2020-4316
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...
CVE-2020-4316
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...
Authorization
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...
CVE-2020-4316
IBM Publishing Engine is affected by CVE-2020-4316 due to not setting the secure attribute on authorization tokens and session cookies. Impact: cookies may be exposed when a user visits an http link or a site embedding it, allowing eavesdropping of cookie values. Affected versions: IBM Publishing...
CVE-2020-4316
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...
Security Bulletin: Session cookie is missing secure attribute and affects IBM Publishing Engine
Summary There is a vulnerability in the session cookie which misses a secure attribute and affects IBM Publishing Engine Vulnerability Details CVEID: CVE-2020-4316 DESCRIPTION: IBM Publishing Engine does not set the secure attribute on authorization tokens or session cookies. Attackers may be abl...
IBM Publishing Engine Cross-Site Scripting Vulnerability
IBM Publishing Engine is a U.S. IBM automated document generation solution. The program can generate Rational product documentation , but also supports the choice of other vendors to generate documentation for the application . A cross-site scripting vulnerability exists in IBM Publishing Engine...
IBM Publishing Engine Cross-Site Scripting Vulnerability (CNVD-2019-00560)
IBM Publishing Engine is a U.S. IBM automated document generation solution. The program can generate Rational product documentation , but also supports the choice of other vendors to generate documentation for the application . A cross-site scripting vulnerability exists in IBM Publishing Engine...
CVE-2018-1951
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2018-1951
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Cross site scripting
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID:...
Cross site scripting
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2018-1951
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2018-1657
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID:...
CVE-2017-1787
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022...