13 matches found
EUVD-2017-6586
Malware in sbrugna...
EUVD-2014-0970
Malware in sbrugna...
RHEL 7 : Red Hat CloudForms (RHSA-2018:0380)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0380 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
Cross-site Scripting (XSS)
CloudForms is vulnerable to cross-site scripting (XSS) attacks. A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature, where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute...
Cross site scripting
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CS...
CVE-2017-15125
CloudForms is affected by CVE-2017-15125 due to a stored XSS flaw in the self-service UI snapshot feature where the name field is not properly sanitized for HTML/JavaScript input. An attacker could exploit this to execute a stored XSS attack against an application administrator; CSP mitigates the...
CVE-2014-0940
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...
CVE-2014-0940
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...
CVE-2009-3262
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...
CVE-2009-3262
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...
CVE-2009-2316
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also...