Lucene search

MitreCVE-2008-5011

HistoryNov 10, 2008 - 3:23 p.m.

CVE-2008-5011

2008-11-1015:23:24

CWE-79

mitre

web.nvd.nist.gov

ibm

lotus quickr

8.1

xss

vulnerabilities

ibm lotus domino

remote attacks

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

66.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.

Affected configurations

Nvd

Node

ibmlotusRange≤quickr8.1.0.1

ibmlotusMatchquickr8.1

AND

ibmlotus_domino

VendorProductVersionCPE
ibmlotus*cpe:2.3:a:ibm:lotus:*:8.1.0.1:*:*:*:*:*:*
ibmlotusquickrcpe:2.3:a:ibm:lotus:quickr:8.1:*:*:*:*:*:*
ibmlotus_domino*cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus	*	cpe:2.3:a:ibm:lotus::8.1.0.1::::::*
ibm	lotus	quickr	cpe:2.3:a:ibm:lotus:quickr:8.1::::::
ibm	lotus_domino	*	cpe:2.3:a:ibm:lotus_domino::::::::

References

osvdb.org/49777

osvdb.org/49778

secunia.com/advisories/32574

www-01.ibm.com/support/docview.wss?uid=swg27013341

www.securityfocus.com/bid/32212

www.vupen.com/english/advisories/2008/3081

exchange.xforce.ibmcloud.com/vulnerabilities/46463

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

66.4%

JSON

Related for CVE-2008-5011