CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0503
https://notcve.org/view.php?id=CVE-2013-0503
23 Apr 2013 — Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el componente de marcadores en IBM Lotus Connections v4.0 antes CR3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
14 Feb 2011 — IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1030
https://notcve.org/view.php?id=CVE-2011-1030
14 Feb 2011 — Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Wikis en IBM Lotus Connections v3.0 que permite a atacantes remotos inyectar script web de su elección o HTML a través de vectores relacionados con el "Confirm New Page scene." • http://secunia.com/advisories/43134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2277
https://notcve.org/view.php?id=CVE-2010-2277
14 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Connections v2.5.x anterior a v2.5.0.2 permiten a atacantes remotos inyectar s... • http://secunia.com/advisories/40007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2278
https://notcve.org/view.php?id=CVE-2010-2278
14 Jun 2010 — The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El pop-up "bookmarklet" en el componente Bookmarks para IBM Lotus Connections v2.5.x anterior a v2.5.0.2 no sigue apropiadamente la configuración "force SSL", que podría hacer más senci... • http://secunia.com/advisories/40007 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2279
https://notcve.org/view.php?id=CVE-2010-2279
14 Jun 2010 — The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. La implementación Top Updates del componente Homepage de IBM Lotus Connections v2.5.x anterior a v2.5.0.2, cuando está habilitado "forced SSL", utiliza http para los enlaces, esto tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/40007 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2280
https://notcve.org/view.php?id=CVE-2010-2280
14 Jun 2010 — Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. Una vulnerabilidad de redirección abierta en el componente Mobile de IBM Lotus Connections v2.5.x antes de v2.5.0.2 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través... • http://secunia.com/advisories/40007 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3816
https://notcve.org/view.php?id=CVE-2009-3816
28 Oct 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en las páginas Activities en el subsistema Mobile en IBM Lotus Connections v2.5.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especifica... • http://secunia.com/advisories/37106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2009-3469 – IBM Lotus Connections 2.0.1 - 'simpleSearch.do' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3469
29 Sep 2009 — Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Vulnerabilidad de ejecución de secuencias de comandos remotos en tistios cruzados (XSS) en profiles/html/simpleSearch.do en IBM Lotus Connections v2.0.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través del parámetro "name". • https://www.exploit-db.com/exploits/33254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4805
https://notcve.org/view.php?id=CVE-2008-4805
31 Oct 2008 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzad... • http://secunia.com/advisories/32466 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •