Lucene search
K

3612 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/05/31 1:40 p.m.27 views

Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-10911 DESCRIPTION: Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw in the cookie management. By using a specially-crafted cookie, an attacker could...

9.8CVSS1AI score0.87218EPSS
Exploits5Affected Software1
Symantec
Symantec
added 2019/04/17 12:0 a.m.199 views

JQuery CVE-2019-11358 Cross Site Scripting Vulnerability

Description JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

4.3CVSS1.6AI score0.87218EPSS
Exploits4References8Affected Software54
exploitpack
exploitpack
added 2019/03/15 12:0 a.m.48 views

NetData 1.13.0 - HTML Injection

NetData 1.13.0 - HTML Injection Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage:...

7.6AI score
Exploits0
Symantec
Symantec
added 2019/03/12 12:0 a.m.66 views

Microsoft Skype for Business and Lync Server CVE-2019-0798 Spoofing Vulnerability

Description Microsoft Skype for Business and Lync Server are prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks, execute arbitrary script code in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

0.1AI score0.02084EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/07 5:10 a.m.23 views

Security Bulletin: Vulnerabilities in Apache Spark affect IBM Operations Analytics Predictive Insights (CVE-2018-8024, CVE-2018-1334)

Summary Apache Spark is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Apache Spark within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do...

5.4CVSS0.9AI score0.05046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/29 2:20 p.m.18 views

Security Bulletin: IBM API Connect is affected by multiple vulnerabilities in Drupal (CVE-2018-7603)

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-7603 DESCRIPTION: The Search Autocomplete for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabili...

6.1CVSS1.1AI score0.00793EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/10/10 9:29 p.m.20 views

CVE-2018-12455

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

9.3CVSS8.1AI score0.04999EPSS
Exploits3References1
Prion
Prion
added 2018/07/24 3:29 p.m.18 views

Cross site scripting

Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

3.5CVSS5.9AI score0.00608EPSS
Exploits0References2Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/17 10:38 a.m.21 views

Security Bulletin: A Vulnerabilitiy in IBM ACF(Active Content Filter) affects IBM Cúram(CVE-2015-1917)

Summary IBM Cúram is shipped with IBM Active Content Filtering which is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...

4.3CVSS0.6AI score0.01805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:24 p.m.19 views

Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883)

Summary IBM TRIRIGA Application Platform is vulnerable to cross-site scripting that could be used to steal cookie-based authentication credentials.. Vulnerability Details CVEID: CVE-2016-2883 DESCRIPTION: IBM TRIRIGA is vulnerable to cross-site scripting, caused by improper validation of...

5.4CVSS0.6AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:10 p.m.26 views

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-1888)

Summary IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1888 IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user...

3.5CVSS2AI score0.00783EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:13 a.m.21 views

Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-0350, CVE-2016-0313, CVE-2016-0314, CVE-2016-0315, CVE-2016-2888, CVE-2016-2889)

Summary There are multiple security vulnerabilities in the Report Builder and Data Collection Component DCC shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2016-0350 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting, caused by improper...

8.8CVSS0.6AI score0.01028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:59 a.m.25 views

Security Bulletin: Cross-Site Scripting vulnerability in IBM Rational Quality Manager (CVE-2014-4801)

Summary IBM Quality Manager has a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2014-4801 Description: IBM Rational Quality Manager is vulnerable to cross-site scripting, caused by improper validation of user supplied input. A remote attacker could exploit this vulnerabilit...

3.5CVSS1.1AI score0.00759EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:46 p.m.19 views

Security Bulletin: IBM Security Guardium is affected by Cross-Site Scripting vulnerability (CVE-2016-0246)

Summary IBM Security Guardium is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web...

6.1CVSS1.1AI score0.00765EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:6 p.m.20 views

Security Bulletin: Cross-site Scripting vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0967)

Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to cross-site scripting that is caused by improper validation of user-supplied input. A remote attacker can use a specially crafted URL to run scripts in a victim's web browser within the security context of the...

3.5CVSS0.5AI score0.00759EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:44 p.m.19 views

Security Bulletin: Vulnerability in Open Source Dojo ToolKit affects IBM Social Media Analytics (CVE- 2015-5654)

Summary A Dojo ToolKit vulnerability affecting versions of Dojo prior to 1.2 was addressed by IBM Social Media Analytics. An upgrade to Dojo 1.8 was performed. Vulnerability Details CVEID: CVE-2015-5654 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation...

4.3CVSS1.2AI score0.02224EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:43 p.m.20 views

Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)

Summary Web Browser XSS Protection Not Enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header. Affects Algo Risk Application. Vulnerability Details CVEID: CVE-2016-0390 DESCRIPTION: IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting,...

5.4CVSS0.4AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:43 p.m.22 views

Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)

Summary Vulnerability in Web Browser XSS Protection Vulnerability Details CVEID: CVE-2016-0390 DESCRIPTION: IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a...

5.4CVSS0.5AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.22 views

Security Bulletin: XSS Vulnerabilities in IBM Dojo Toolkit affect WebSphere Service Registry and Repository

Summary The IBM Dojo Toolkit shipped with WebSphere Service Registry and Repository contains files with cross-site scripting vulnerabilities. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...

4.3CVSS7.6AI score0.0206EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.22 views

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0105)

Summary IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the security context o...

4.3CVSS1AI score0.01724EPSS
Exploits0Affected Software3
Rows per page
Query Builder