CVE-2016-5933

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

Source: CVE-2016-5933

CVE-2016-9985

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

Source: CVE-2016-9985

CVE-2016-9006

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.

Source: CVE-2016-9006

CVE-2017-6533 (webpagetest)

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6533 (webpagetest)

CVE-2017-6535 (webpagetest)

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6535 (webpagetest)

CVE-2017-6534 (webpagetest)

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6534 (webpagetest)

CVE-2017-6536 (webpagetest)

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-master/www/weblite.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6536 (webpagetest)

CVE-2017-6538 (webpagetest)

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6538 (webpagetest)

CVE-2017-6540 (webpagetest)

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6540 (webpagetest)

CVE-2017-6537 (webpagetest)

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6537 (webpagetest)