Cross-Site Scripting Vulnerabilities in IBM Lotus Connections
CVE-2008-4805

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 31 October 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in IBM Lotus Connections 2.x prior to version 2.0.1. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML into various components, such as community titles, API inputs, and several functional areas, including Homepage, Blogs, Profiles, Dogear, Activities, and Global Search. Exploitation of these vulnerabilities can lead to unauthorized actions and compromise the integrity of user interactions within the application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46215

vdb-entryx_refsource_XF

http://secunia.com/advisories/32466

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/31989

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 31, 2008
Vulnerability Reserved
Oct 31, 2008