Cross-Site Scripting Vulnerability in IBM Lotus Connections
CVE-2011-1030

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 14 February 2011

Summary

A cross-site scripting vulnerability exists in the Wikis component of IBM Lotus Connections 3.0, enabling remote attackers to inject arbitrary web scripts or HTML. This vulnerability arises from inadequate validation of user input during interactions with the 'Confirm New Page scene,' allowing unauthorized scripts to be executed in the context of users’ sessions. Exploitation could lead to data compromise, session hijacking, or defacement of user-facing content.

References

http://securitytracker.com/id?1025054

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/43134

third-party-advisoryx_refsource_SECUNIA

http://www.ibm.com/support/docview.wss?uid=swg1LO57850

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 14, 2011