- CVEs with nessus.description==The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities :
- A denial of service vulnerability exists in the Apache Commons FileUpload library that allows an attacker to cause the application to enter an infinite loop. (CVE-2014-0050)
- An unspecified denial of service vulnerability exists that allows a remote attacker to crash the host by sending a specially crafted web request. (CVE-2014-0949)
- A cross-site scripting (XSS) vulnerability exists in the 'FilterForm.jsp' script due to improper user input validation. (CVE-2014-0951)
- An XSS vulnerability exists in the 'boot_config.jsp' script due to improper user input validation. (CVE-2014-0952)
- An unspecified XSS vulnerability exists due to improper validation of user input. (CVE-2014-0953)
- A privilege escalation vulnerability exists in the Web Content Viewer portlet due to improper handling of JSP includes. A remote attacker can exploit this issue to obtain sensitive information, cause a denial of service, or control the request dispatcher by sending a specially crafted URL request. (CVE-2014-0954)
- An XSS vulnerability exists in the Social Rendering feature due to improper validation of user input. Note that this only affects installs using IBM Connections with the Social Rendering feature. (CVE-2014-0955)
- An unspecified XSS vulnerability exists due to improper validation of user input in a JSP script. (CVE-2014-0956)
- An unspecified open redirect vulnerability exists that allows an attacker to perform a phishing attack by enticing a user to click on a malicious URL. (CVE-2014-0958)
- An unspecified denial of service vulnerability exists that allows an authenticated attacker to cause a successful login to loop back to the login page indefinitely. (CVE-2014-0959)
An attacker can exploit the XSS vulnerabilities to execute code in the security context of a user's browser in order to steal authentication cookies.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |