Ibm

Kenexa Lms

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2016-8935

  • EPSS 0.3%
  • Published 31.03.2017 18:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

3.3

CVE-2016-5938

  • EPSS 0.06%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.

5.4

CVE-2016-5940

  • EPSS 0.23%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...

5.7

CVE-2016-5941

  • EPSS 0.47%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

5.4

CVE-2016-5942

  • EPSS 0.22%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...

7.6

CVE-2016-8928

  • EPSS 0.35%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

5.5

CVE-2016-8929

  • EPSS 0.28%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

7.6

CVE-2016-8930

  • EPSS 0.35%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

8.8

CVE-2016-8931

  • EPSS 2.12%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

8.8

CVE-2016-8932

  • EPSS 2.12%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.