EUVD-2016-0258

Malware in sbrugna...

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Forms Server (CVE-2016-3092 )

Summary An Apache Commons FileUpload vulnerability for handling string edge case was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...

Security Bulletin: IBM Forms Server may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Server. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...

Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223)

Summary IBM Forms Server's Webform Framework API is vulnerable to cross-site scripting when a specifically-crafted URL is used within the web browser. Vulnerability Details CVEID: CVE-2016-0223 DESCRIPTION: IBM Forms Server is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: Vulnerability in Apache Commons Collections affects IBM Forms Server (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917)

Summary IBM Forms Experience Builder uses the Dojo Toolkit which has a known cross-site scripting XSS vulnerability. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

CVE-2016-0223 affects IBM Forms Server (Webform Framework API) on 4.0., 8.0. , 8.1, 8.2. The vulnerability arises from improper validation of user-supplied input, allowing a remote attacker to execute arbitrary script via a specially crafted URL, i.e., a cross-site scripting (XSS) flaw. Impact in...

IBM Forms Server Cross-Site Scripting Vulnerability

IBM Forms Server is the United States IBM's set of scalable document-based form application of electronic form automation software. A cross-site scripting vulnerability exists in IBM Forms Server that stems from the program's failure to adequately filter user-submitted input. An attacker could...