CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0354
https://notcve.org/view.php?id=CVE-2008-0354
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente chat de IBM Lotus Sametime 7.5 y 7.5.1 permite a atacantes locales o remotos dependientes del contexto inyectar scripts web o HTML de su elección mediante un mensaje manipulado, que dispara ejecución de código tras un evento mouseover iniciado por la víctima. • http://secunia.com/advisories/27942 http://www-1.ibm.com/support/docview.wss?uid=swg21292938 http://www.securityfocus.com/bid/27316 http://www.securitytracker.com/id?1019224 http://www.vupen.com/english/advisories/2008/0168 https://exchange.xforce.ibmcloud.com/vulnerabilities/39726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6295
https://notcve.org/view.php?id=CVE-2007-6295
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página WebRunMenuFrame en la plantilla de centro de encuentros de IBM Lotus Sametime versiones anteriores a 8.0 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el URI. • http://osvdb.org/39258 http://secunia.com/advisories/27941 http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249 http://www.securityfocus.com/bid/26734 http://www.securitytracker.com/id?1019053 http://www.vupen.com/english/advisories/2007/4104 https://exchange.xforce.ibmcloud.com/vulnerabilities/38891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4142
https://notcve.org/view.php?id=CVE-2007-4142
Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Sametime Server 7.5.1 versiones anteriores a 20070731 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados involucrando una reunión Sametime manipulada. • http://osvdb.org/36462 http://secunia.com/advisories/26302 http://www-1.ibm.com/support/docview.wss?uid=swg21266789 http://www.securityfocus.com/bid/25167 http://www.securitytracker.com/id?1018502 http://www.vupen.com/english/advisories/2007/2734 https://exchange.xforce.ibmcloud.com/vulnerabilities/35731 •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2007-1784
https://notcve.org/view.php?id=CVE-2007-1784
The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. El control ActiveX JNILoader (STJNILoader.ocx) 3.1.0.26 en IBM Lotus Notes Sametime anterior a 7.5 permite a atacantes remotos cargar librerias DLL de su elección y ejecutar código de su elección a través de argumentos de su elección en la función loadLibrary. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=495 http://www-1.ibm.com/support/docview.wss?uid=swg21257029 http://www.securityfocus.com/bid/23201 http://www.securitytracker.com/id?1017828 https://exchange.xforce.ibmcloud.com/vulnerabilities/33314 •