Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-33014

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-18 Jul, 2025 | 18:51
Updated At-18 Aug, 2025 | 01:33
Rejected At-
Credits

IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:18 Jul, 2025 | 18:51
Updated At:18 Aug, 2025 | 01:33
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Affected Products
Vendor
IBM CorporationIBM
Product
Sterling B2B Integrator
CPEs
  • cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 6.0.0.0 through 6.1.2.7 (semver)
  • From 6.2.0.0 through 6.2.0.4 (semver)
Vendor
IBM CorporationIBM
Product
Sterling File Gateway
CPEs
  • cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 6.0.0.0 through 6.1.2.7 (semver)
  • From 6.2.0.0 through 6.2.0.4 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1022CWE-1022 Use of Web Link to Untrusted Target with window.opener Access
Type: CWE
CWE ID: CWE-1022
Description: CWE-1022 Use of Web Link to Untrusted Target with window.opener Access
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7 IT47893 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47893 Apply B2Bi 6.2.0.5 or 6.2.1.0 The IIM versions of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available on Fix Central. The container version of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7240065
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7240065
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:18 Jul, 2025 | 19:15
Updated At:02 Aug, 2025 | 01:42

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches
IBM Corporation
ibm
>>sterling_b2b_integrator>>Versions from 6.0.0.0(inclusive) to 6.1.2.7_1(exclusive)
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
IBM Corporation
ibm
>>sterling_b2b_integrator>>Versions from 6.2(inclusive) to 6.2.0.5(exclusive)
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
IBM Corporation
ibm
>>sterling_file_gateway>>Versions from 6.0.0.0(inclusive) to 6.1.2.7_1(exclusive)
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>sterling_file_gateway>>Versions from 6.2.0.0(inclusive) to 6.2.0.5(exclusive)
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1022Primarypsirt@us.ibm.com
CWE ID: CWE-1022
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7240065psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7240065
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

805Records found
CVE-2024-39727
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 13:59
Updated-10 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_optimization_-_engineering_insightsEngineering Insights
CWE ID-CWE-1022
Use of Web Link to Untrusted Target with window.opener Access
CVE-2019-0831
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serversharepoint_foundationsharepoint_serverMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint FoundationMicrosoft SharePoint Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38870
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 42.68%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 17:40
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_on_cloudAspera
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0557
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39014
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 18:12
Updated-24 Oct, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Object Storage System cross-site scripting

IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_object_storage_systemCloud Object Storage System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39068
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 18:17
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram Social Program Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39054
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-38642
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.72% / 71.45%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 22:25
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for iOS Spoofing Vulnerability

Microsoft Edge for iOS Spoofing Vulnerability

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-iphone_osedgeMicrosoft Edge (Chromium-based)
CVE-2019-0556
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-20884
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.18%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:05
Updated-10 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-workspace_one_accessidentity_managerlinux_kernelwindowscloud_foundationidentity_manager_connectorVMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-39079
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 17:30
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analytics_mobileCognos Analytics Mobile
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0558
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Action-Not Available
Vendor-Microsoft Corporation
Product-business_productivity_serverssharepoint_serverMicrosoft SharePointMicrosoft Business Productivity ServersMicrosoft SharePoint Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38952
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 16:10
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38966
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 19:10
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_automationworkflow_process_serviceCloud Pak for Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8650
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 14:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serverMicrosoft SharePoint
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38982
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0830
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serversharepoint_foundationsharepoint_serverMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint FoundationMicrosoft SharePoint Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38944
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:30
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8568
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.35%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serversharepoint_foundationsharepoint_serverMicrosoft SharePointMicrosoft SharePoint Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-16 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Linux Kernel Organization, Inc
Product-linux_kernelvrealize_business_advanced_and_enterprisen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38946
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.69% / 70.76%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39038
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 17:10
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server LibertyWebSphere Application Server
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2011-1252
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-20.85% / 95.40%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39059
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:10
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_foundationJazz Team Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0096
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-79.92% / 99.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38893
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 52.27%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 19:10
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.

Action-Not Available
Vendor-IBM Corporation
Product-workflow_process_servicebusiness_automation_workflowbusiness_process_managerCloud Pak for AutomationBusiness Process Manager Standard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38871
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:15
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-jazz_team_serverwindowslinux_kernelJazz Team Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38961
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.39%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 17:10
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.

Action-Not Available
Vendor-IBM Corporation
Product-power_system_ac922_\(8335-gtw\)power_system_ac922_\(8335-gtg\)_firmwarepower_system_ac922_\(8335-gtc\)_firmwarepower_system_ac922_\(8335-gtg\)power_system_ac922_\(8335-gtw\)_firmwarepower_system_ac922_\(8335-gtc\)OPENBMC
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39035
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.89%
||
7 Day CHG-0.09%
Published-16 Aug, 2022 | 18:45
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelhp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27270
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 12:42
Updated-05 Mar, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty cross-site scripting

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.35%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 16:30
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38641
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.72% / 71.45%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 22:25
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-androidedgeMicrosoft Edge (Chromium-based)
CVE-2021-38909
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.62%
||
7 Day CHG~0.00%
Published-03 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38876
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 17:10
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25042
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 16:20
Updated-10 Jan, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics cross-site scripting

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25709
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.96%
||
7 Day CHG+0.04%
Published-04 Apr, 2024 | 17:55
Updated-12 May, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Self-XSS style in move item dialog

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindowsportal_for_arcgisPortal for ArcGIS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-5159
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.77% / 72.58%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 14:20
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

Action-Not Available
Vendor-invisioncommunityn/aMicrosoft Corporation
Product-invision_power_boardinternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25705
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.57%
||
7 Day CHG+0.07%
Published-04 Apr, 2024 | 17:55
Updated-12 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting issue in embed widget

There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")Microsoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelportal_for_arcgisPortal for ArcGIS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25041
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 18:55
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics cross-site scripting

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38934
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.78%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 21:10
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_test_managementrational_quality_managerEngineering Test Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25698
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 60.63%
||
7 Day CHG+0.11%
Published-04 Apr, 2024 | 17:54
Updated-10 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

Action-Not Available
Vendor-Linux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")Microsoft Corporation
Product-linux_kernelportal_for_arcgiswindowsPortal for ArcGISportal_for_arcgis
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0031
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0029
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0030
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-0032
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39015
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:15
Updated-25 Mar, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-engineering_lifecycle_optimization_-_publishingengineering_lifecycle_optimization_publishingwindowslinux_kernelEngineering Lifecycle Optimization Publishing
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47983
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.31%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:42
Updated-26 Mar, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22357
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 02:28
Updated-07 Mar, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integratorsterling_b2b_integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22344
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 23.10%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 17:41
Updated-28 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms information disclosure

IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191.

Action-Not Available
Vendor-IBM Corporation
Product-txseries_for_multiplatformTXSeries for Multiplatformstxseries_for_multiplatforms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.33% / 54.96%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208405.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixjazz_for_service_managementwindowslinux_kernelJazz for Service Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found