5 matches found
CVE-2016-0370
IBM Forms Experience Builder 8.5, 8.5.1 and 8.6 are affected by a cross-site scripting (XSS) vulnerability that can be triggered by crafted input in applications built with the product. The root cause is input not being adequately filtered, allowing an attacker with administrator access to cause ...
CVE-2014-6169
CVE-2014-6169 affects IBM Forms Experience Builder 8.5.0 and 8.5.1. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected sources confirm the affected product versions and the XSS nature b...
CVE-2016-2884
IBM Forms Experience Builder is vulnerable to cross-site request forgery when configured with non-default settings. The issue arises from improper validation of user-supplied input, enabling a remote attacker to craft requests authenticated as the user and potentially insert XSS sequences. Affect...
CVE-2016-6001
IBM Forms Experience Builder is affected by CVE-2016-6001 (SSRF) in versions 8.5, 8.5.1, and 8.6. The vulnerability arises from server-side requests initiated from the application design interface, allowing information disclosure of internal resources. Remediation is available: upgrade to IBM For...
CVE-2016-0369
IBM Forms Experience Builder versions 8.5, 8.5.1 and 8.6 are affected by an XML External Entity (XXE) processing vulnerability. The root cause is XXE when processing XML data, which could allow a remote authenticated attacker to obtain sensitive information. The CVSS v3 base score is 2.7 (LOW). R...