IbmWebsphere Portal

126 matches found

CVE
added 2011/05/26 4:55 p.m. | 41 views

CVE-2011-2172

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS | 5.7 AI score | 0.00427 EPSS

CVE
added 2013/06/03 9:55 p.m. | 41 views

CVE-2013-0549

Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a...

4.3 CVSS | 5.7 AI score | 0.00322 EPSS

CVE
added 2014/04/02 3:58 a.m. | 41 views

CVE-2014-0901

Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5 CVSS | 5.2 AI score | 0.0018 EPSS

CVE
added 2014/05/22 11:14 a.m. | 41 views

CVE-2014-0958

Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8 CVSS | 6.6 AI score | 0.00227 EPSS

CVE
added 2015/03/13 1:59 a.m. | 41 views

CVE-2015-0139

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5 CVSS | 5.2 AI score | 0.00188 EPSS

CVE
added 2017/03/27 10:59 p.m. | 41 views

CVE-2017-1120

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.

6.1 CVSS | 6 AI score | 0.00282 EPSS

CVE
added 2012/07/03 9:55 p.m. | 40 views

CVE-2012-2181

Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.

5 CVSS | 6.6 AI score | 0.00094 EPSS

CVE
added 2014/02/14 1:10 p.m. | 40 views

CVE-2013-6722

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.

5.8 CVSS | 6.8 AI score | 0.0054 EPSS

CVE
added 2014/05/16 11:12 a.m. | 40 views

CVE-2014-0917

Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3 CVSS | 5.6 AI score | 0.00256 EPSS

CVE
added 2014/05/22 11:14 a.m. | 40 views

CVE-2014-0951

Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS | 5.6 AI score | 0.00266 EPSS

CVE
added 2014/05/22 11:14 a.m. | 40 views

CVE-2014-0956

Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS | 5.5 AI score | 0.00266 EPSS

CVE
added 2014/07/29 8:55 p.m. | 40 views

CVE-2014-3056

The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.

5 CVSS | 6.2 AI score | 0.00321 EPSS

CVE
added 2014/08/12 5:1 a.m. | 40 views

CVE-2014-4760

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR...

5.8 CVSS | 6.5 AI score | 0.00328 EPSS

CVE
added 2014/10/28 7:55 p.m. | 40 views

CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of f...

5 CVSS | 6.4 AI score | 0.00321 EPSS

CVE
added 2014/12/19 2:59 a.m. | 40 views

CVE-2014-8902

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3 CVSS | 5.7 AI score | 0.00266 EPSS

CVE
added 2015/07/14 2:59 p.m. | 40 views

CVE-2015-1887

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.

5 CVSS | 6.1 AI score | 0.00285 EPSS

CVE
added 2015/04/27 11:59 a.m. | 40 views

CVE-2015-1908

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web ...

4.3 CVSS | 5.7 AI score | 0.0023 EPSS

CVE
added 2017/09/28 1:29 a.m. | 40 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

7.5 CVSS | 7.3 AI score | 0.01468 EPSS

CVE
added 2018/04/11 4:29 p.m. | 40 views

CVE-2018-1483

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.

6.1 CVSS | 5.8 AI score | 0.00248 EPSS

CVE
added 2007/06/19 5:30 p.m. | 39 views

CVE-2007-3127

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.

5 CVSS | 6.6 AI score | 0.09916 EPSS

CVE
added 2008/12/19 1:52 a.m. | 39 views

CVE-2008-5675

Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."

10 CVSS | 6.3 AI score | 0.00509 EPSS

CVE
added 2010/04/12 5:30 p.m. | 39 views

CVE-2010-1348

Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.

7.5 CVSS | 6.7 AI score | 0.00668 EPSS

CVE
added 2014/05/22 11:14 a.m. | 39 views

CVE-2014-0955

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS | 5.2 AI score | 0.00266 EPSS

CVE
added 2014/12/19 2:59 a.m. | 39 views

CVE-2014-6171

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3 CVSS | 5.7 AI score | 0.00289 EPSS

CVE
added 2015/12/21 11:59 a.m. | 39 views

CVE-2015-7413

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3 CVSS | 5.7 AI score | 0.00266 EPSS

CVE
added 2016/02/29 11:59 a.m. | 39 views

CVE-2015-7457

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1 CVSS | 5.8 AI score | 0.00193 EPSS

CVE
added 2018/01/11 5:29 p.m. | 39 views

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.

6.1 CVSS | 5.8 AI score | 0.00405 EPSS

CVE
added 2018/03/14 12:29 a.m. | 39 views

CVE-2018-1444

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.

5.4 CVSS | 5.2 AI score | 0.00237 EPSS

CVE
added 2013/08/16 1:55 a.m. | 38 views

CVE-2013-0587

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme.

4.3 CVSS | 5.6 AI score | 0.00266 EPSS

CVE
added 2014/03/04 10:55 p.m. | 38 views

CVE-2013-6730

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item with...

4.3 CVSS | 6.6 AI score | 0.00186 EPSS

CVE
added 2014/07/29 8:55 p.m. | 38 views

CVE-2014-3057

Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3 CVSS | 5.7 AI score | 0.00265 EPSS

CVE
added 2015/12/21 11:59 a.m. | 38 views

CVE-2015-4993

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnera...

6.1 CVSS | 5.9 AI score | 0.00266 EPSS

CVE
added 2016/02/15 2:59 a.m. | 38 views

CVE-2015-7472

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

7.2 CVSS | 6.9 AI score | 0.00219 EPSS

CVE
added 2016/02/29 11:59 a.m. | 38 views

CVE-2016-0243

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

6.1 CVSS | 5.8 AI score | 0.00256 EPSS

CVE
added 2016/02/29 11:59 a.m. | 38 views

CVE-2016-0245

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

5.5 CVSS | 5.3 AI score | 0.0031 EPSS

CVE
added 2016/06/26 1:59 a.m. | 38 views

CVE-2016-2901

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

8.8 CVSS | 8.6 AI score | 0.00142 EPSS

CVE
added 2018/07/11 4:29 p.m. | 37 views

CVE-2013-2951

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

7.8 CVSS | 6.9 AI score | 0.00048 EPSS

CVE
added 2014/04/02 3:58 a.m. | 37 views

CVE-2014-0828

Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecifi...

4.3 CVSS | 5.7 AI score | 0.00256 EPSS

CVE
added 2014/05/22 11:14 a.m. | 37 views

CVE-2014-0959

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.

4 CVSS | 6.2 AI score | 0.00373 EPSS

CVE
added 2014/09/12 1:55 a.m. | 37 views

CVE-2014-4792

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.

4 CVSS | 6.2 AI score | 0.00514 EPSS

CVE
added 2014/10/28 7:55 p.m. | 37 views

CVE-2014-6125

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8 CVSS | 6.6 AI score | 0.00163 EPSS

CVE
added 2015/02/13 2:59 a.m. | 37 views

CVE-2014-8909

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5 CVSS | 5.1 AI score | 0.00188 EPSS

CVE
added 2015/12/21 11:59 a.m. | 37 views

CVE-2015-5001

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.

6.8 CVSS | 4.3 AI score | 0.00648 EPSS

CVE
added 2016/02/29 11:59 a.m. | 37 views

CVE-2015-7491

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4 CVSS | 4.9 AI score | 0.0013 EPSS

CVE
added 2017/02/01 8:59 p.m. | 37 views

CVE-2016-8922

Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1 CVSS | 6 AI score | 0.00238 EPSS

CVE
added 2008/08/04 1:41 a.m. | 36 views

CVE-2008-3423

IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.

7.5 CVSS | 6.8 AI score | 0.00658 EPSS

CVE
added 2011/05/26 4:55 p.m. | 36 views

CVE-2011-2173

The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests.

4 CVSS | 6.3 AI score | 0.00374 EPSS

CVE
added 2013/06/03 9:55 p.m. | 36 views

CVE-2013-2950

CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP header...

3.5 CVSS | 6.5 AI score | 0.00227 EPSS

CVE
added 2014/05/22 11:14 a.m. | 36 views

CVE-2014-0954

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial...

6.8 CVSS | 6.7 AI score | 0.00254 EPSS

CVE
added 2014/07/29 8:55 p.m. | 36 views

CVE-2014-3054

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8 CVSS | 6.9 AI score | 0.00312 EPSS

Total number of security vulnerabilities: 126