Lumension® Endpoint Intelligence Center



Vulnerability Score: 6.8
CVE Id: CVE-2008-1216
Last Modified: 07 Mar 2011 10:06:20
Published: 08 Mar 2008 09:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE



IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.

Vulnerable Systems


  • IBM Lotus Quickr Server 8.0


VUPEN - ADV-2008-0667

BID - 27925

BUGTRAQ - 20080222 IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)

SECUNIA - 29072

SREASON - 3721

Last Updated: 27 May 2016 10:47:04