CVSS: 6.8EPSS: 0%CPEs: 77EXPL: 1CVE-2010-0715
https://notcve.org/view.php?id=CVE-2010-0715
26 Feb 2010 — Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. Vulnerabilidad de redireccionamiento dir... • http://www-01.ibm.com/support/docview.wss?uid=swg21421469 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3453
https://notcve.org/view.php?id=CVE-2009-3453
29 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Quickr v8.1.0 servicios para WebSphere Portal permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del nom... • http://osvdb.org/58384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4505
https://notcve.org/view.php?id=CVE-2008-4505
09 Oct 2008 — Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. Vulnerabilidad inespecifica en IBM Lotus Quickr v8.1 anterior al parche 1 (v8.1.0.1) que permite a atacantes producir una denegación de servicio (caida del sistema) a través de un argumento URL no estandar al co... • http://secunia.com/advisories/32098 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4506
https://notcve.org/view.php?id=CVE-2008-4506
09 Oct 2008 — Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. Una vulnerabilidad no especificada en Lotus Quickr de IBM versiones 8.1 anteriores al Fixpack 1 (8.1.0.1), permite a un administrador de lugares "demote or delete a place superuser group" por medio de vectores desconocidos. • http://secunia.com/advisories/32098 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4507
https://notcve.org/view.php?id=CVE-2008-4507
09 Oct 2008 — Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. Vulnerabilidad no especificada en IBM Lotus Quickr 8.1 anterior a Fix pack 1 (8.1.0.1) permite a los editores borrar paginas que fueron creadas por un autor diferente mediante vectores desconocidos. • http://secunia.com/advisories/32098 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3860
https://notcve.org/view.php?id=CVE-2008-3860
29 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. Múltiples ... • http://osvdb.org/49772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2163
https://notcve.org/view.php?id=CVE-2008-2163
13 May 2008 — Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." Vulnerabilidad de Secuencias de comandos en sitios cruzados en IBM Lotus Quickr 8.1 versiones anteriores al Hotfix 5 para Windows y AIX, y anteriores al Hotfix 3 para i5/OS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores ... • http://secunia.com/advisories/30204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •