252 matches found
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2018-01030)
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam Social Program Management. A remote attacker can exploit this...
CVE-2017-1740
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2017-1739
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...
CVE-2017-1739
IBM Cúram Social Program Management is affected by CVE-2017-1739. A cross-site scripting vulnerability exists in IBM Cúram SPM 7.0.0.0–7.0.1.1, 6.2.0.0–6.2.0.6, 6.1.0.0–6.1.1.6, and 6.0.5.0–6.0.5.10 due to improper validation of user input in the Web UI, allowing an attacker to inject arbitrary J...
CVE-2017-1740
IBM Cúram Social Program Management (SPM) is affected by CVE-2017-1740 due to cross-site scripting caused by improper input validation. Affected versions include 6.0.5.0–6.0.5.10, 6.1.0.0–6.1.1.6, 6.2.0.0–6.2.0.6, 7.0.1.0–7.0.1.1, and 7.0.2.0. The vulnerability allows remote attackers to inject a...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-33074)
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker could exploit this vulnerability to inje...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568...
CVE-2014-6191
CVE-2014-6191 affects IBM Cúram SPM: vulnerable versions are 6.0 SP2, 6.0.4, and 6.0.5, due to improper validation/sanitization of user-supplied input that enables cross-site scripting. A remote attacker could exploit this via a specially crafted URL to run script in a victim’s browser, potentially comp...
CVE-2014-6191
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568...
CVE-2017-1195
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to...
CVE-2017-1195
IBM Curam Social Program Management (SPM) is affected by CVE-2017-1195 due to a phishing/open-redirect vulnerability in the Resource Store servlet. Affected versions include 7.0.0.0–7.0.0.1 and 6.2.0.0–6.2.0.4, 6.1.1.0–6.1.1.4, 6.1.0.0–6.1.0.4, and 6.0.5.0–6.0.5.10, 6.0.4.0–6.0.4.9. An attacker c...
CVE-2017-1110
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915...
CVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Design/Logic Flaw
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915...
Cross site scripting
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
IBM Curam Social Program Management Elevation of Privilege Vulnerability
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. An elevation of privilege vulnerability exists in IBM Curam SPM. A remote attacker could exploit this vulnerability to...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-25505)
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker can exploit this vulnerability to inject...
CVE-2016-9732
IBM Cúram SPM (CVE-2016-9732) is vulnerable to Cross-Site Scripting in the Web UI. Affected versions include 6.0.0.4–6.0.5.x, 6.1.x (up to 6.1.1.x), 6.2.x (up to 6.2.0.4), and 7.0.0.0. The root cause is a reflected/stored XSS vulnerability allowing arbitrary JavaScript in the UI, potentially lead...