CVSS: 6.1EPSS: 2%CPEs: 77EXPL: 3CVE-2010-0714 – IBM (Multiple Products) - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0714
26 Feb 2010 — Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de ejecución de secuencias de comandos en s... • https://www.exploit-db.com/exploits/33675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 77EXPL: 1CVE-2010-0715
https://notcve.org/view.php?id=CVE-2010-0715
26 Feb 2010 — Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. Vulnerabilidad de redireccionamiento dir... • http://www-01.ibm.com/support/docview.wss?uid=swg21421469 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1216
https://notcve.org/view.php?id=CVE-2008-1216
09 Mar 2008 — IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element. El servidor IBM Lotus Quickr 8.0 y posiblemnte QuickPlace 7.x, no identifica correctamente URIs que contienen cadenas ... • http://secunia.com/advisories/29072 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0834
https://notcve.org/view.php?id=CVE-2008-0834
20 Feb 2008 — Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Lotus Quickr para i5/OS antes de 8.0.0.2 Hotfix 11, cuando está deshabilitado el acceso anónimo en los puertos HTTP permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de... • http://secunia.com/advisories/29004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •