Lucene search

MitreCVE-2009-3453

HistorySep 29, 2009 - 6:00 p.m.

CVE-2009-3453

2009-09-2918:00:00

CWE-79

mitre

web.nvd.nist.gov

ibm lotus quickr

websphere portal

xss

vulnerabilities

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.

Affected configurations

Nvd

Node

ibmlotus_quickrMatch8.1.0ibm_webpshere_portal

VendorProductVersionCPE
ibmlotus_quickr8.1.0cpe:2.3:a:ibm:lotus_quickr:8.1.0:*:ibm_webpshere_portal:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_quickr	8.1.0	cpe:2.3:a:ibm:lotus_quickr:8.1.0::ibm_webpshere_portal:::::

References

osvdb.org/58384

secunia.com/advisories/36899

www-01.ibm.com/support/docview.wss?uid=swg1LO36646

www-01.ibm.com/support/docview.wss?uid=swg21405163

www.securityfocus.com/bid/36527

www.securitytracker.com/id?1022952

www.vupen.com/english/advisories/2009/2779

exchange.xforce.ibmcloud.com/vulnerabilities/53489

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Related for CVE-2009-3453