Search Results
- CPE Product Version: cpe:/a:ibm:websphere_commerce:5.6.1.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0566 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: August 26, 2013; 11:34:34 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-0523 | IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access. Published: June 21, 2013; 3:55:01 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |