Cross-Site Scripting Vulnerability in IBM Lotus Sametime
CVE-2007-6295

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Sametime
Vendor: CVE Published:; 10 December 2007

What is CVE-2007-6295?

A cross-site scripting (XSS) vulnerability exists in the WebRunMenuFrame page of the online meeting center template in IBM Lotus Sametime prior to version 8.0. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the URI, potentially leading to unauthorized actions performed on behalf of users, including data theft and session hijacking. It is essential for users and administrators of affected versions to apply security updates promptly to safeguard their systems against such attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/38891

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/26734

vdb-entryx_refsource_BID

http://osvdb.org/39258

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2007
Vulnerability Reserved
Dec 10, 2007