CVE-2009-3453
https://notcve.org/view.php?id=CVE-2009-3453
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.
• http://osvdb.org/58384
• http://secunia.com/advisories/36899
• http://www-01.ibm.com/support/docview.wss?uid=swg1LO36646
• http://www-01.ibm.com/support/docview.wss?uid=swg21405163
• http://www.securityfocus.com/bid/36527
• http://www.securitytracker.com/id?1022952
• http://www.vupen.com/english/advisories/2009/2779
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53489
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4505
https://notcve.org/view.php?id=CVE-2008-4505
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45692
• CWE-20: Improper Input Validation
CVE-2008-4507
https://notcve.org/view.php?id=CVE-2008-4507
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45693
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-4506
https://notcve.org/view.php?id=CVE-2008-4506
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.
• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45694
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-3860
https://notcve.org/view.php?id=CVE-2008-3860
Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.
• http://osvdb.org/49772
• http://osvdb.org/49776
• http://secunia.com/advisories/31634
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securitytracker.com/id?1020762
• http://www.vupen.com/english/advisories/2008/2444
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44694
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')