CVE-2011-4819
CVE-2011-4819 is an IBM Maximo Asset Management/Asset Management Essentials issue describing multiple cross-site scripting (XSS) vulnerabilities in versions 6.2, 7.1, and 7.5. The flaw allows remote attackers to inject arbitrary script/HTML via the uisesionid parameter to maximo.jsp or the defaul...
CVE-2011-1395
CVE-2011-1395 is an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) affecting imicon.jsp via the controlid parameter. Exploitation could allow remote attackers to inject arbitrary script/HTML. IBM notes multiple related CVEs in the same fa...
CVE-2011-4819
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/...
CVE-2012-0195
CVE-2012-0195 is a documented XSS vulnerability in the Start Center Layout and Configuration component across IBM Maximo Asset Management and Asset Management Essentials (6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of...
CVE-2008-3161
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of...
CVE-2008-3161
CVE-2008-3161 describes cross-site scripting (XSS) in IBM Maximo (jsp/common/system/debug.jsp) affecting Maximo versions 4.1 and 5.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML by sending crafted HTTP headers (Accept, Accept-Language, UA-CPU, Accept-Encoding,...
ibmmromaximo-xss.txt
Affected Software/Device: IBM MRO MAXIMO
Tested Version: 4.1, 5.2
Vulnerability: Cross Site Scripting & Information Disclosure
Risk: Low / Medium
Description: MRO Maximo is a strategic asset and service management system that runs on a number of databases including Oracle, SQL Server and IBM DB2...
IBM Maximo 4.1/5.2 - debug.jsp HTML Injection / Information Disclosure
IBM Maximo 4.1/5.2 - debug.jsp HTML Injection / Information Disclosure. source: https://www.securityfocus.com/bid/30180/info IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitiv...
IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure
source: https://www.securityfocus.com/bid/30180/info IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action...
CVE-2007-5949
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action...
CVE-2007-5949
CVE-2007-5949 describes a cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2. The issue allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. Administrative or user impact is limited to the authentica...
CVE-2005-1601
CVE-2005-1601 affects MRO Maximo Self Service 4 and 5, where certain information is stored under the web document root and exposed via file extensions not processed by Tomcat. This allows remote attackers to directly request files (e.g., MXServer.properties) and obtain sensitive information. The ...
CVE-2005-1601
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties...