252 matches found
IBM Curam Social Program Management Cross-Site Scripting Vulnerability
IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in versions prior to IBM Curam Social Program Management 6.0.5.5a, which allows ...
CVE-2014-3096
Summary (CVE-2014-3096): IBM Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. A remote, authenticated attacker can craft a URL to execute script in a victim’s browser within the hosting site’s context, potentially steal...
CVE-2014-3096
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-3013
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer...
CVE-2014-3012
CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...
CVE-2014-3013
Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation/sanitization of tags in custom JSPs or custom renderers that add text nodes to rendered content. A remote authenticated attacker can inject malicious scripts via crafted input to a custom JSP or...
CVE-2014-3012
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
SQL injection
DISPUTED: SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely fr...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 via the UpdateID0 parameter to Service_Requests.asp. The vendor disputes the issue, citing a protected state-management system, while third-party sources suggest the original researcher may have triggered...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...