Vulnerabilities > IBM > Websphere Service Registry AND Repository > 7.5.0.3

DATE CVE VULNERABILITY TITLE RISK
2014-12-24 CVE-2014-6179 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2014-12-24 CVE-2014-6178 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2014-12-24 CVE-2014-6155 Path Traversal vulnerability in IBM Websphere Service Registry and Repository
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
4.0
4.0
2014-12-24 CVE-2014-6153 Cryptographic Issues vulnerability in IBM Websphere Service Registry and Repository
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
ibm CWE-310
4.3
4.3
2014-12-24 CVE-2014-6132 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2014-05-30 CVE-2014-3010 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2013-12-17 CVE-2013-6721 Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.
network
ibm CWE-79
3.5
3.5