CVE-2020-4226
- EPSS 0.21%
- Published 27.05.2020 14:15:11
- Last modified 21.11.2024 05:32:25
IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Forc...
CVE-2017-1772
- EPSS 0.18%
- Published 04.04.2018 18:29:01
- Last modified 21.11.2024 03:22:20
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...
CVE-2017-1500
- EPSS 0.21%
- Published 01.08.2017 18:29:00
- Last modified 20.04.2025 01:37:25
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" n...