Lucene search

[email protected]CVE-2008-3860

HistoryAug 29, 2008 - 4:41 p.m.

CVE-2008-3860

2008-08-2916:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-3860

ibm lotus quickr

xss

wysiwyg

html

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Affected configurations

NVD

Node

ibmaix

ibmi5os

microsoftwindows_nt

AND

ibmlotus_quickrMatch8.1

CPENameOperatorVersion
ibm:lotus_quickribm lotus quickreq8.1

CPE	Name	Operator	Version
ibm:lotus_quickr	ibm lotus quickr	eq	8.1

References

osvdb.org/49772

osvdb.org/49776

secunia.com/advisories/31634

www-01.ibm.com/support/docview.wss?uid=swg27013341

www.securitytracker.com/id?1020762

www.vupen.com/english/advisories/2008/2444

exchange.xforce.ibmcloud.com/vulnerabilities/44694

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2008-3860

cvelist3 nvd3 prion3 seebug1 cve2