Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmWebsphere Portal

126 matches found

CVE
CVEadded 2015/09/14 10:59 p.m.36 views

CVE-2015-1943

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

7.8CVSS6.5AI score0.00939EPSS
CVE
CVEadded 2016/01/27 5:59 a.m.36 views

CVE-2016-0209

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.8AI score0.00225EPSS
CVE
CVEadded 2013/11/13 3:55 p.m.35 views

CVE-2013-5379

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.

3.5CVSS5.3AI score0.00188EPSS
CVE
CVEadded 2014/05/16 11:12 a.m.35 views

CVE-2014-0918

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.

7.1CVSS6.6AI score0.0019EPSS
CVE
CVEadded 2014/08/12 5:1 a.m.35 views

CVE-2014-3102

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00162EPSS
CVE
CVEadded 2014/09/12 1:55 a.m.35 views

CVE-2014-4762

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00162EPSS
CVE
CVEadded 2015/03/13 1:59 a.m.35 views

CVE-2014-6214

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8CVSS6.7AI score0.00119EPSS
CVE
CVEadded 2015/07/14 2:59 p.m.35 views

CVE-2015-1944

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00162EPSS
CVE
CVEadded 2015/11/14 3:59 a.m.35 views

CVE-2015-7419

IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

7.8CVSS6.6AI score0.00943EPSS
CVE
CVEadded 2018/02/09 5:29 p.m.35 views

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.

6.1CVSS5.8AI score0.00405EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.35 views

CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164...

6.1CVSS5.8AI score0.00235EPSS
CVE
CVEadded 2013/11/13 3:55 p.m.34 views

CVE-2013-5378

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.

3.5CVSS5.2AI score0.00208EPSS
CVE
CVEadded 2015/03/13 1:59 a.m.34 views

CVE-2015-0177

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
CVE
CVEadded 2018/02/09 5:29 p.m.34 views

CVE-2017-1761

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005...

6.1CVSS5.8AI score0.00282EPSS
CVE
CVEadded 2018/02/27 5:29 p.m.34 views

CVE-2018-1416

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822...

6.1CVSS5.8AI score0.00248EPSS
CVE
CVEadded 2018/04/17 3:29 p.m.34 views

CVE-2018-1445

IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

5.4CVSS5.2AI score0.00269EPSS
CVE
CVEadded 2018/10/12 5:29 a.m.34 views

CVE-2018-1673

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108...

6.1CVSS5.8AI score0.00263EPSS
CVE
CVEadded 2013/12/22 3:16 p.m.33 views

CVE-2013-6328

Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors i...

4.3CVSS5.6AI score0.00295EPSS
CVE
CVEadded 2014/10/28 7:55 p.m.33 views

CVE-2014-6126

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.0023EPSS
CVE
CVEadded 2017/12/20 6:29 p.m.33 views

CVE-2017-1423

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.

5.3CVSS5.2AI score0.00222EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.33 views

CVE-2018-1660

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886...

5.4CVSS5.2AI score0.00481EPSS
CVE
CVEadded 2011/01/28 9:0 p.m.32 views

CVE-2011-0679

IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."

5CVSS6.2AI score0.02558EPSS
CVE
CVEadded 2011/07/17 8:55 p.m.32 views

CVE-2011-2754

Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00236EPSS
CVE
CVEadded 2013/12/22 3:16 p.m.32 views

CVE-2013-4012

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...

4.9CVSS6.4AI score0.0034EPSS
CVE
CVEadded 2013/12/22 3:16 p.m.31 views

CVE-2013-6316

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a ...

4.3CVSS6.1AI score0.00295EPSS
CVE
CVEadded 2018/10/01 3:0 p.m.31 views

CVE-2018-1420

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

6.5CVSS6.3AI score0.00154EPSS
Total number of security vulnerabilities126