Lucene search
K

198 matches found

Cvelist
Cvelist
added 2015/05/25 2:0 p.m.22 views

CVE-2014-6192

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00783EPSS
Exploits0References1
CVE
CVE
added 2015/05/25 2:0 p.m.43 views

CVE-2014-6192

CVE-2014-6192 affects IBM Cúram Social Program Management (SPM). The vulnerability is an XSS flaw caused by improper validation of user-supplied input, allowing a remote authenticated user to execute script via a crafted URL. Affected versions include: SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4....

3.5CVSS5.2AI score0.00783EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/04/28 12:0 a.m.4 views

IBM Curam Social Program Management (SPM) Cross-Site Request Forgery Vulnerability (CNVD-2015-02805)

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management SPM. An attacker is allowed to...

6.8CVSS7AI score0.00578EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/28 12:0 a.m.3 views

IBM Curam Social Program Management Denial of Service Vulnerability

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A denial of service vulnerability exists in IBM Curam Social Program Management. An attacker is allowed to exploit this...

5CVSS6.6AI score0.01256EPSS
Exploits0References1
CVE
CVE
added 2015/04/27 1:0 a.m.42 views

CVE-2014-6090

CVE-2014-6090 affects IBM Cúram SPM (DataMappingEditorCommands, DatastoreEditorCommands, IEGEditorCommands) across multiple versions (5.2 SP6 before EP6; 6.0 SP2 before EP26; 6.0.3/6.0.4/6.0.5 before respective iFix/EP levels). The root cause is CSRF in these servlets, allowing remote attackers t...

6.8CVSS6.7AI score0.00578EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2015/02/14 2:59 a.m.25 views

CVE-2014-4804

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References2
CVE
CVE
added 2015/02/14 2:0 a.m.47 views

CVE-2014-4804

CVE-2014-4804 affects IBM Curam Social Program Management (Cúram SPM) – Curam Universal Access when SPI is enabled. A page with SPI included can allow a remote attacker to obtain sensitive user data. Affected versions include 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5....

4.3CVSS6.4AI score0.01066EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/02/14 2:0 a.m.19 views

CVE-2014-4804

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...

6.3AI score0.01066EPSS
Exploits0References2
Prion
Prion
added 2015/02/13 2:59 a.m.14 views

Crlf injection

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...

3.5CVSS6.8AI score0.00772EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/02/13 2:0 a.m.56 views

CVE-2014-4803

IBM Cúram Universal Access (part of IBM Cúram Social Program Management) is vulnerable to a CRLF injection when not deployed on WebSphere, due to improper sanitization on a page parameter. A remote authenticated attacker could inject arbitrary HTTP headers and perform HTTP response splitting, pot...

3.5CVSS6.6AI score0.00772EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/01/15 12:0 a.m.3 views

IBM Curam Social Program Management Cross-Site Scripting Vulnerability

IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in versions prior to IBM Curam Social Program Management 6.0.5.5a, which allows ...

3.5CVSS5.5AI score0.00759EPSS
Exploits0References1
CVE
CVE
added 2015/01/10 2:0 a.m.47 views

CVE-2014-3096

Summary (CVE-2014-3096): IBM Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. A remote, authenticated attacker can craft a URL to execute script in a victim’s browser within the hosting site’s context, potentially steal...

3.5CVSS5.2AI score0.00759EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/01/10 2:0 a.m.17 views

CVE-2014-3096

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00759EPSS
Exploits0References2
NVD
NVD
added 2014/06/18 4:55 p.m.17 views

CVE-2014-3013

Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...

3.5CVSS5.3AI score0.00936EPSS
Exploits0References3
Prion
Prion
added 2014/06/18 4:55 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...

3.5CVSS5.5AI score0.00936EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/06/18 4:0 p.m.47 views

CVE-2014-3013

Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation/sanitization of tags in custom JSPs or custom renderers that add text nodes to rendered content. A remote authenticated attacker can inject malicious scripts via crafted input to a custom JSP or...

3.5CVSS5.3AI score0.00936EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/06/18 4:0 p.m.48 views

CVE-2014-3012

CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...

3.5CVSS6.8AI score0.00951EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/06/18 4:0 p.m.20 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

6.6AI score0.00951EPSS
Exploits0References3
Rows per page
Query Builder