- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior to 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities:
- A cross-site scripting vulnerability exists in the 'boot_config.jsp' script due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user's browser to steal authentication cookies. (CVE-2014-0952)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user's web browser to steal authentication cookies. (CVE-2014-0956)
- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)
- A flaw exists due to improper recursion detection during entity expansion. A remote attacker, via a specially crafted XML document, can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)
- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes. (CVE-2014-4821)
- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2014-6215)
- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2014-8909)
- An unspecified flaw exists that is triggered when handling Portal requests. A remote attacker can exploit this to cause consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-1943)
- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2016-2925)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |