Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to ibm - lotus

Vulnerability from fkie_nvd

Published

2008-11-10 15:23

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.

References

URL	Tags
cve@mitre.org	http://osvdb.org/49777
cve@mitre.org	http://osvdb.org/49778
cve@mitre.org	http://secunia.com/advisories/32574	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg27013341	Patch
cve@mitre.org	http://www.securityfocus.com/bid/32212
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3081
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46463
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/49777
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/49778
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32574	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg27013341	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32212
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3081
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46463

Impacted products

Vendor	Product	Version
ibm	lotus	*
ibm	lotus	quickr
ibm	lotus_domino	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus:*:8.1.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "590D5871-EB1A-41F1-8F14-1D179BFB35FB",
              "versionEndIncluding": "quickr",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus:quickr:8.1:*:*:*:*:*:*",
              "matchCriteriaId": "1D4EDB39-5BF2-44DF-9E1B-341B7117643E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (tambi\u00e9n conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860."
    }
  ],
  "id": "CVE-2008-5011",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-11-10T15:23:24.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32574"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3081"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-5011 (GCVE-0-2008-5011)

Vulnerability from cvelistv5

Published

2008-11-10 15:00