- Home
- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :
- Multiple vulnerabilities exist in the Apache Cordova component, including cross-application scripting, security bypass, and information disclosure.
(CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)
- An information disclosure flaw exists that allows remote authenticated attackers to obtain credentials by reading HTML source code. (CVE-2014-4761)
- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)
- A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially-crafted XML document, an attacker can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)
- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
(CVE-2014-4821)
- A flaw exists in CKEditor in the Preview plugin that allows a cross-site scripting attack. The flaw exists due to 'plugins/preview/preview.html' not properly validating user-supplied input before returning it to users. This allows an attacker to send a specially crafted request designed to steal cookie-based authentication credentials. (CVE-2014-5191)
- A cross-site request forgery vulnerability exists due to improper validation of user-supplied input. By tricking a user into visiting a malicious website, a remote attacker can perform cross-site scripting attacks, web cache poisoning, and other malicious activities. (CVE-2014-6125)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can execute code within a victim's web browser within the context of the hosted site. This can lead to the compromise of the user's cookie-based authentication credentials. (CVE-2014-6126)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user input.
(CVE-2014-4762)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top