Every CVE whose affected-product data names Ibm Kenexa Lms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2016-8931 — CVSS 8.8 (high): IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code…
CVE-2016-8932 — CVSS 8.8 (high): IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code…
CVE-2016-8930 — CVSS 7.6 (high): IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow…
CVE-2016-8928 — CVSS 7.6 (high): IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow…
CVE-2016-8933 — CVSS 6.5 (medium): IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL…
CVE-2016-5941 — CVSS 5.7 (medium): IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL…
CVE-2016-8935 — CVSS 5.4 (medium): IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows…
CVE-2016-5940 — CVSS 5.4 (medium): IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2016-5942 — CVSS 5.4 (medium): IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2016-8929 — CVSS 5.4 (medium): IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow…
CVE-2016-5938 — CVSS 3.3 (low): IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.