XSS Vulnerability in IBM Lotus Quickr 8.0 Server
CVE-2008-1216
Currently unrated
Summary
IBM Lotus Quickr 8.0 server, and potentially QuickPlace 7.x, does not properly validate URIs containing cross-site scripting (XSS) attack strings. This flaw allows remote attackers to execute arbitrary web script or inject HTML through a manipulated Calendar OpenDocument action, specifically by passing a Count parameter that contains a JavaScript event within a malformed element. An example is an onload event embedded within an IFRAME element, which could compromise client-side security.