Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3860

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3860
Last Modified 07 Mar 2011 10:11:31
Published 29 Aug 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3860

Summary

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Vulnerable Systems

Application

  • Ibm Lotus Quickr 8.1


References

XF - ibm-lotus-quickr-multiple-xss(44694)

VUPEN - ADV-2008-2444

SECTRACK - 1020762

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27013341

SECUNIA - 31634

OSVDB - 49776

OSVDB - 49772


Last Updated: 27 May 2016 10:48:20