Lucene search

[email protected]NVD:CVE-2008-3860

HistoryAug 29, 2008 - 4:41 p.m.

CVE-2008-3860

2008-08-2916:41:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Affected configurations

NVD

Node

ibmaix

ibmi5os

microsoftwindows_nt

AND

ibmlotus_quickrMatch8.1

References

osvdb.org/49772

osvdb.org/49776

secunia.com/advisories/31634

www-01.ibm.com/support/docview.wss?uid=swg27013341

www.securitytracker.com/id?1020762

www.vupen.com/english/advisories/2008/2444

exchange.xforce.ibmcloud.com/vulnerabilities/44694

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for NVD:CVE-2008-3860

cvelist3 cve3 prion3 nvd2 seebug1