← Back

Forms Experience Builder

forms_experience_builder

Vendor: Ibm • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-6169
1Ibm
1Forms Experience Builder
Nov 21, 2024
Apr 12, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.
CVE-2016-0369
1Ibm
1Forms Experience Builder
Nov 21, 2024
Feb 21, 2018
N/A· v4
2.7 LOW· v3
4.0 MEDIUM· v2
XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088.
CVE-2016-6001
1Ibm
1Forms Experience Builder
May 13, 2026
Feb 1, 2017
N/A· v4
3.1 LOW· v3
3.5 LOW· v2
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
CVE-2016-2884
1Ibm
1Forms Experience Builder
May 6, 2026
Nov 30, 2016
N/A· v4
8.0 HIGH· v3
6.0 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication...Show more
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.Show less
CVE-2016-0370
1Ibm
1Forms Experience Builder
May 6, 2026
Sep 1, 2016
N/A· v4
2.7 LOW· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was...Show more
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.Show less