Lucene search

[email protected]CVE-2010-2277

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2277

2022-10-0316:21:07

CWE-79

[email protected]

web.nvd.nist.gov

ibm

lotus connections

xss

vulnerabilities

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.

Affected configurations

NVD

Node

ibmlotus_connectionsMatch2.5.0

ibmlotus_connectionsMatch2.5.0.1

CPENameOperatorVersion
ibm:lotus_connectionsibm lotus connectionseq2.5.0
ibm:lotus_connectionsibm lotus connectionseq2.5.0.1

CPE	Name	Operator	Version
ibm:lotus_connections	ibm lotus connections	eq	2.5.0
ibm:lotus_connections	ibm lotus connections	eq	2.5.0.1

References

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO47214

www-1.ibm.com/support/docview.wss?uid=swg1LO47362

www-1.ibm.com/support/docview.wss?uid=swg1LO47921

www.vupen.com/english/advisories/2010/1281

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.3%

JSON

Related for CVE-2010-2277

prion1 cvelist1 nvd1