Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_portal:1.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-6093 |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: November 25, 2014; 9:59:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-0587 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Published: August 15, 2013; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-5675 |
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." Published: December 18, 2008; 8:52:57 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-3127 |
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. Published: June 19, 2007; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-3128 |
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Published: June 19, 2007; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |