Cross-Site Scripting Vulnerability in Lotus Quickr for i5/OS
CVE-2008-0834

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Quickr
Vendor: CVE Published:; 20 February 2008

Summary

An XSS vulnerability exists in Lotus Quickr for i5/OS prior to version 8.0.0.2 Hotfix 11. This flaw arises when anonymous access is disabled on HTTP ports, thus allowing unauthorized remote attackers to inject arbitrary web scripts or HTML code via unspecified vectors. The injected scripts may perform various malicious actions, compromising user data and the overall integrity of the affected system.

References

http://www-1.ibm.com/support/docview.wss?uid=swg24016411

x_refsource_CONFIRM

http://secunia.com/advisories/29004

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1019431

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 20, 2008
Vulnerability Reserved
Feb 20, 2008