Cross-Site Scripting Vulnerabilities in IBM Lotus Connections by IBM
CVE-2010-2277

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 15 June 2010

Summary

Multiple cross-site scripting vulnerabilities exist in IBM Lotus Connections 2.5.x prior to version 2.5.0.2. These vulnerabilities allow remote attackers to execute arbitrary web scripts or HTML through various forms and components, including the Communities component's create and edit forms, the verbiage field in the Bookmarks component, and various unspecified vectors in the Mobile Blogs component. It is crucial to apply the latest patches and updates to mitigate these risks effectively.

References

http://www.vupen.com/english/advisories/2010/1281

vdb-entryx_refsource_VUPEN

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47921

vendor-advisoryx_refsource_AIXAPAR

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47214

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 15, 2010