Cross-Site Scripting Vulnerability in IBM Lotus Sametime
CVE-2011-1106

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Sametime
Vendor: CVE Published:; 1 March 2011

Summary

The vulnerability allows remote attackers to exploit the server in IBM Lotus Sametime by injecting arbitrary web scripts or HTML through the 'authReasonCode' parameter in an OpenDatabase action. This can lead to execution of malicious scripts in the context of the user’s session, potentially compromising sensitive information and user accounts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65555

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2011-02/02...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/46481

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 1, 2011
Vulnerability Reserved
Mar 1, 2011