Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmKenexa Lms On Cloud

10 matches found

CVE
CVEadded 2017/02/01 8:59 p.m.40 views

CVE-2016-8911

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

5.4CVSS6.1AI score0.00126EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.37 views

CVE-2016-6124

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

8.8CVSS8.9AI score0.02857EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.36 views

CVE-2016-5939

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

6.5CVSS6.8AI score0.00252EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.35 views

CVE-2016-6126

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.9AI score0.00638EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.33 views

CVE-2016-6122

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

4.3CVSS5.3AI score0.00179EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.31 views

CVE-2016-6125

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.7AI score0.00227EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.30 views

CVE-2016-6123

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.7AI score0.00227EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.30 views

CVE-2016-8912

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

4.3CVSS5.2AI score0.00156EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.28 views

CVE-2016-8913

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.9AI score0.00638EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.27 views

CVE-2016-8920

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.7AI score0.00227EPSS