14 matches found
PT-2024-15097 · Auth0 · Login By Auth0 Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Login by Auth0 plugin for WordPress versions up to, and including, 4.6.0. Description: The issue is related to Reflected Cross-Site Scripting via the wle parameter due to insufficient input sanitization and output escaping. This allows...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM), WebSphere Process Server (WPS), WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (WLE) (Java CPU January 2018)
Summary: WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. PoC: WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
CVE-2015-0110
IBM Business Process Manager aka BPM 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition aka WLE 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL...
Design/Logic Flaw
IBM Business Process Manager aka BPM 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition aka WLE 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL...
CVE-2015-0110
IBM BPM/WLE are affected by CVE-2015-0110: authenticated remote users can access internal service types via executeServiceByName without proper restrictions. Affected products include IBM BPM Standard/Express/Advanced 7.5.x, 8.0.x, 8.5.x and WebSphere Lombardi Edition 7.2.x. Root cause: lack of ...
CVE-2015-1884
Directory traversal vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted...
Directory traversal
Directory traversal vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted...
CVE-2015-1884
IBM Business Process Manager (BPM) and WebSphere Lombardi Edition are affected by a directory traversal vulnerability (CVE-2015-1884) due to insufficient input validation in the internationalization-file URL. Vulnerable products/versions include BPM Standard/Express/Advanced 7.5.x–8.5.5.0 and WLE...
CVE-2015-0193
CVE-2015-0193: A cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) arises from improper neutralization of user-supplied input in certain error conditions, allowing remote authenticated users to inject arbitrary web script or HTML ...
CVE-2015-0156
CVE-2015-0156 is a stored XSS vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE). The root cause is improper validation of user-supplied input, allowing a remote authenticated attacker to craft a URL that executes arbitrary web script in the victim’s browser ...
CVE-2015-0106
Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2015-0106
IBM BPM and WebSphere Lombardi Edition are affected by CVE-2015-0106: an XSS flaw from improper validation of user input that can be triggered by a crafted URL, allowing remote script execution in a user’s browser. Affected products/versions include IBM BPM Standard/Express/Advanced 7.5.x, 8.0.x,...