Lucene search

[email protected]NVD:CVE-2008-4805

HistoryOct 31, 2008 - 6:09 p.m.

CVE-2008-4805

2008-10-3118:09:08

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

ibmlotus_connectionsRange≤2.0

ibmlotus_connectionsMatch1.0.2

VendorProductVersionCPE
ibmlotus_connections*cpe:2.3:a:ibm:lotus_connections:*:*:*:*:*:*:*:*
ibmlotus_connections1.0.2cpe:2.3:a:ibm:lotus_connections:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_connections	*	cpe:2.3:a:ibm:lotus_connections::::::::
ibm	lotus_connections	1.0.2	cpe:2.3:a:ibm:lotus_connections:1.0.2:::::::*

References

secunia.com/advisories/32466

www-01.ibm.com/support/docview.wss?uid=swg27014008

www.securityfocus.com/bid/31989

exchange.xforce.ibmcloud.com/vulnerabilities/46210

exchange.xforce.ibmcloud.com/vulnerabilities/46211

exchange.xforce.ibmcloud.com/vulnerabilities/46215

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Related for NVD:CVE-2008-4805

prion1 cvelist1 cve1