Kenexa Lms

kenexa_lms

Vendor: Ibm • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-8935 1Ibm 1Kenexa Lms May 13, 2026 Mar 31, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu...Show more IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.Show less
CVE-2016-8933 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the syste...Show more IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.Show less
CVE-2016-8932 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 7.6 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8929 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 7.6 HIGH· v3 6.5 MEDIUM· v2 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5942 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...Show more IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2016-5941 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the syste...Show more IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.Show less
CVE-2016-5940 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...Show more IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2016-5938 1Ibm 1Kenexa Lms May 13, 2026 Feb 1, 2017 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.