Websphere Commerce Security Vulnerabilities and Issues — Websphere Commerce CVE List

Lucene search

IbmWebsphere Commerce

2 matches found

CVE•added 2016/07/03 9:59 p.m.•37 views

CVE-2016-2862

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS5.9AI score0.00427EPSS

CVE•added 2016/07/03 9:59 p.m.•37 views

CVE-2016-2863

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

8CVSS7.5AI score0.00102EPSS