|
248691
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_spend_analysis
|
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1446
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248692
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_spend_analysis
|
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1445
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248693
|
6.1 |
MEDIUM
Network
|
ibm
|
emptoris_services_procurement
|
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1443
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248694
|
8.8 |
HIGH
Network
|
ibm
|
emptoris_services_procurement
|
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the web…
|
CWE-352
Origin Validation Error
|
CVE-2017-1442
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248695
|
5.5 |
MEDIUM
Local
|
ibm
|
emptoris_services_procurement
|
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
|
NVD-CWE-noinfo
|
CVE-2017-1441
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248696
|
8.8 |
HIGH
Network
|
ibm
|
emptoris_services_procurement
|
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote sys…
|
CWE-94
Code Injection
|
CVE-2017-1440
|
2024-11-21 12:21 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248697
|
5.4 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1485
|
2024-11-21 12:21 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248698
|
6.1 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnera…
|
CWE-20
Improper Input Validation
|
CVE-2017-1428
|
2024-11-21 12:21 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248699
|
6.1 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1427
|
2024-11-21 12:21 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248700
|
6.1 |
MEDIUM
Network
|
ibm
|
curam_social_program_management
|
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafte…
|
CWE-601
Open Redirect
|
CVE-2017-1195
|
2024-11-21 12:21 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
