CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243...

Cross site scripting

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2019-4271

Summary: CVE-2019-4271 affects IBM WebSphere Application Server Admin Console (ND) via a Client-side HTTP Parameter Pollution vulnerability. Connected IBM bulletins confirm affected products include WAS Admin Console, with remediation guidance to apply fixed releases (e.g., WebSphere fix packs/fi...

CVE-2019-4270

CVE-2019-4270 affects IBM WebSphere Application Server Admin Console across multiple WAS versions (7.0, 8.0, 8.5, 9.0). The vulnerability is a cross-site scripting flaw caused by insufficient input validation in the Admin Console UI, which can allow an authenticated attacker to embed arbitrary Ja...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-4271)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin HTTP Parameter Pollution...

PT-2019-17010 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The Admin console of the IBM WebSphere Application Server is affected by a Client-side HTTP parameter pollution issue. Recommendations: For versions 7.0 through 9.0, updat...

PT-2019-17009 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a...

Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4270)

Summary There is a potential denial of service in the Admin Console of WebSphere Application Server. Vulnerability Details CVEID: CVE-2019-4270 DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: Path traversal vulnerability in WebSphere Application Server Admin Console (CVE-2019-4442)

Summary There is a path traversal vulnerability in the Admin Console of WebSphere Application Server. Vulnerability Details CVEID: CVE-2019-4442 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the file system. An attacker could send a...

CVE-2019-3638

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway MWG 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully...

IBM WebSphere Application Server Path Traversal Vulnerability (CNVD-2019-30959)

IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A path traversal vulnerability exists in the Admin Console in IBM...

IBM WebSphere Application Server HTTP Parameter Contamination Vulnerability

IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An HTTP parameter contamination vulnerability exists in the Admin...

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A cross-site scripting vulnerability exists in the Create User Inventory Add Device Notifications Alert Rule...

CVE-2019-15230

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account...

CVE-2019-15230

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account...

Design/Logic Flaw

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account...

CVE-2019-15230

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account...

CVE-2019-15230

CVE-2019-15230 affects LibreNMS v1.54, with a cross-site scripting (XSS) vulnerability in the admin console modules Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template. The flaw allows an authenticated attacker to inject client-side scripts, poten...

Cross-Site Scripting (XSS)

LibreNMS is vulnerable to cross-site scripting XSS. An authenticated user can inject malicious script through the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console...