Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8935 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483. | |||||
CVE-2016-8933 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
CVE-2016-8932 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
CVE-2016-8931 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
CVE-2016-8930 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2016-8929 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2016-8928 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
CVE-2016-5942 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
CVE-2016-5940 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-5938 | 1 Ibm | 1 Kenexa Lms | 2024-11-21 | 2.1 LOW | 3.3 LOW |
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. |