Cross-Site Scripting Vulnerability in IBM Lotus Quickr Services for WebSphere Portal
CVE-2009-3453

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Quickr
Vendor: CVE Published:; 29 September 2009

Summary

Multiple cross-site scripting vulnerabilities in IBM Lotus Quickr 8.1.0 for WebSphere Portal enable remote attackers to inject arbitrary web scripts or HTML. This is facilitated through the manipulation of the filename in .odt files uploaded within a Lotus Quickr place, specifically concerning the Library template. If exploited, these vulnerabilities could compromise the integrity of web pages displayed to users.

References

http://www.securitytracker.com/id?1022952

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg1LO36646

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/36899

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 29, 2009
Vulnerability Reserved
Sep 29, 2009