Websphere Commerce Security Vulnerabilities and Issues — Websphere Commerce CVE List

Lucene search

IbmWebsphere Commerce

4 matches found

CVE•added 2016/01/10 3:59 a.m.•35 views

CVE-2015-7397

Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.

7.4CVSS7.3AI score0.00338EPSS

CVE•added 2016/01/18 5:59 a.m.•31 views

CVE-2015-5009

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5AI score0.00375EPSS

CVE•added 2016/01/18 5:59 a.m.•28 views

CVE-2015-5008

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS5.9AI score0.00654EPSS

CVE•added 2016/01/15 3:59 a.m.•27 views

CVE-2015-5007

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

8.8CVSS8.3AI score0.00112EPSS