CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0503
https://notcve.org/view.php?id=CVE-2013-0503
Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el componente de marcadores en IBM Lotus Connections v4.0 antes CR3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182 http://www-01.ibm.com/support/docview.wss?uid=swg21634538 https://exchange.xforce.ibmcloud.com/vulnerabilities/82265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 http://secunia.com/advisories/43298 http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 http://www.ibm.com/support/docview.wss?uid=swg21462435 http://www.vupen.com/english/advisories/2011/0382 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1030
https://notcve.org/view.php?id=CVE-2011-1030
Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Wikis en IBM Lotus Connections v3.0 que permite a atacantes remotos inyectar script web de su elección o HTML a través de vectores relacionados con el "Confirm New Page scene." • http://secunia.com/advisories/43134 http://securitytracker.com/id?1025054 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1LO57850 http://www.ibm.com/support/docview.wss?uid=swg1LO57850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2278
https://notcve.org/view.php?id=CVE-2010-2278
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El pop-up "bookmarklet" en el componente Bookmarks para IBM Lotus Connections v2.5.x anterior a v2.5.0.2 no sigue apropiadamente la configuración "force SSL", que podría hacer más sencillo a atacantes remotos obtener el texto plano de las comunicaciones de la red husmeando la red o falsificar servidores de su elección a través de un ataque man-in-the-middle (hombre en el medio) • http://secunia.com/advisories/40007 http://www-01.ibm.com/support/docview.wss?uid=swg21431472 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501 http://www-1.ibm.com/support/docview.wss? •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2279
https://notcve.org/view.php?id=CVE-2010-2279
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. La implementación Top Updates del componente Homepage de IBM Lotus Connections v2.5.x anterior a v2.5.0.2, cuando está habilitado "forced SSL", utiliza http para los enlaces, esto tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/40007 http://www-01.ibm.com/support/docview.wss?uid=swg21431472 http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325 http://www.vupen.com/english/advisories/2010/1281 •