
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.

Domino Sametime version 8.0.1 suffers from a cross site scripting vulnerability.

• https://www.exploit-db.com/exploits/35364
• http://secunia.com/advisories/43430
• http://securityreason.com/securityalert/8100
• http://www.securityfocus.com/archive/1/516563/100/0/threaded
• http://www.securityfocus.com/bid/46471
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65555
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.

• http://www-01.ibm.com/support/docview.wss?uid=swg21445669
• http://www.securityfocus.com/bid/43220
• http://www.vupen.com/english/advisories/2010/2380

CVSS: 7.5 | EPSS: 96% | CPEs: 3 | EXPL: 3

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Sametime. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of long URLs in the Community Services Multiplexer (StMux.exe) listening on TCP port 1533. A specially crafted URL can be passed into a vulnerable sscanf() function that will result in a stack overflow resulting in the ability to execute arbitrary code.

• https://www.exploit-db.com/exploits/31820
• https://www.exploit-db.com/exploits/16696
• http://secunia.com/advisories/30309
• http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
• http://www.securityfocus.com/bid/29328
• http://www.securitytracker.com/id?1020093
• http://www.vupen.com/english/advisories/2008/1595/references
• http://www.zerodayinitiative.com/advisories/ZDI-08-028
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42575
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 1% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.

• http://secunia.com/advisories/27942
• http://www-1.ibm.com/support/docview.wss?uid=swg21292938
• http://www.securityfocus.com/bid/27316
• http://www.securitytracker.com/id?1019224
• http://www.vupen.com/english/advisories/2008/0168
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39726
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.

• http://osvdb.org/39258
• http://secunia.com/advisories/27941
• http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249
• http://www.securityfocus.com/bid/26734
• http://www.securitytracker.com/id?1019053
• http://www.vupen.com/english/advisories/2007/4104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38891
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')