CVE-2010-0714 – IBM (Multiple Products) - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0714
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
• https://www.exploit-db.com/exploits/33675
• http://www-01.ibm.com/support/docview.wss?uid=swg21421469
• http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233
• http://www.hacktics.com/content/advisories/AdvIBM20100224.html
• http://www.securityfocus.com/archive/1/509744/100/0/threaded
• http://www.securityfocus.com/bid/38412
• http://www.securitytracker.com/id?1023660
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56508
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3453
https://notcve.org/view.php?id=CVE-2009-3453
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.
• http://osvdb.org/58384
• http://secunia.com/advisories/36899
• http://www-01.ibm.com/support/docview.wss?uid=swg1LO36646
• http://www-01.ibm.com/support/docview.wss?uid=swg21405163
• http://www.securityfocus.com/bid/36527
• http://www.securitytracker.com/id?1022952
• http://www.vupen.com/english/advisories/2009/2779
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53489
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4506
https://notcve.org/view.php?id=CVE-2008-4506
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45694
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-4505
https://notcve.org/view.php?id=CVE-2008-4505
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45692
• CWE-20: Improper Input Validation
CVE-2008-4507
https://notcve.org/view.php?id=CVE-2008-4507
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45693
• CWE-264: Permissions, Privileges, and Access Controls