CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0862
https://notcve.org/view.php?id=CVE-2008-0862
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. IBM Lotus Notes 6.0, 6.5, 7.0, y 8.0 firma un applet sin asignación cuando un usuario reenvía un correo a otro, que permite a atacantes remotos asistidos por el usuario evitar la protección Execution Control List (ECL. • http://secunia.com/advisories/29031 http://www-1.ibm.com/support/docview.wss?uid=swg21257250 http://www.vupen.com/english/advisories/2008/0600/references • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 1CVE-2008-0861
https://notcve.org/view.php?id=CVE-2008-0861
Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. Vulnerabilidad de ejecución de comandos en sitios cruzados en leg/Main.nsf en IBM Lotus Quickplace 7.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del sub-parámetro h_SearchString en el parámetro PreSetFields en una acción EditDocument. • http://secunia.com/advisories/29025 http://www.securiteam.com/securitynews/5AP0B2KNFM.html http://www.securityfocus.com/bid/27871 http://www.securitytracker.com/id?1019432 http://www.vupen.com/english/advisories/2008/0841/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0834
https://notcve.org/view.php?id=CVE-2008-0834
Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Lotus Quickr para i5/OS antes de 8.0.0.2 Hotfix 11, cuando está deshabilitado el acceso anónimo en los puertos HTTP permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://secunia.com/advisories/29004 http://www-1.ibm.com/support/docview.wss?uid=swg24016411 http://www.securityfocus.com/bid/27840 http://www.securitytracker.com/id?1019431 http://www.vupen.com/english/advisories/2008/0590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0354
https://notcve.org/view.php?id=CVE-2008-0354
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente chat de IBM Lotus Sametime 7.5 y 7.5.1 permite a atacantes locales o remotos dependientes del contexto inyectar scripts web o HTML de su elección mediante un mensaje manipulado, que dispara ejecución de código tras un evento mouseover iniciado por la víctima. • http://secunia.com/advisories/27942 http://www-1.ibm.com/support/docview.wss?uid=swg21292938 http://www.securityfocus.com/bid/27316 http://www.securitytracker.com/id?1019224 http://www.vupen.com/english/advisories/2008/0168 https://exchange.xforce.ibmcloud.com/vulnerabilities/39726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0243
https://notcve.org/view.php?id=CVE-2008-0243
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Lotus Domino 7.0.2, en versiones anteriores a la Fix Pack 3, permite que atacantes remotos provoquen una denegación de servicio a través de vectores desconocidos. • http://secunia.com/advisories/28411 http://www-1.ibm.com/support/docview.wss?uid=swg27011539 http://www.securityfocus.com/bid/27215 http://www.vupen.com/english/advisories/2008/0086 https://exchange.xforce.ibmcloud.com/vulnerabilities/39588 •