Lotus Connections Security Vulnerabilities and Issues — Lotus Connections CVE List

Lucene search

IbmLotus Connections

8 matches found

CVE•added 2013/04/23 11:47 a.m.•38 views

CVE-2013-0503

Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00266EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2277

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vec...

4.3CVSS5.7AI score0.00463EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2278

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via ...

4CVSS6.6AI score0.00688EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2280

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.

4.3CVSS6.8AI score0.00246EPSS

CVE•added 2011/02/14 10:0 p.m.•37 views

CVE-2011-1030

Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."

4.3CVSS5.6AI score0.00256EPSS

CVE•added 2009/09/29 7:30 p.m.•35 views

CVE-2009-3469

Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3CVSS5.6AI score0.0387EPSS

CVE•added 2008/10/31 6:9 p.m.•32 views

CVE-2008-4805

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (...

4.3CVSS5.5AI score0.00427EPSS

CVE•added 2009/10/28 10:30 a.m.•28 views

CVE-2009-3816

Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00289EPSS