// For flags

CVE-2008-1216

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.

El servidor IBM Lotus Quickr 8.0 y posiblemnte QuickPlace 7.x, no identifica correctamente URIs que contienen cadenas de ataque de secuencias de comandos en sitios cruzados (XSS), lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de una acción Calendar OpenDocument a main.nsf con un parámetro Count que contiene un evento JavaScript en un elemento mal formado, como se demostró por un un evento onload en un elemento IFRAME.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-08 CVE Reserved
  • 2008-03-09 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
 Lotus Quickr Server
Search vendor "Ibm" for product "Lotus Quickr Server"
 8.0
Search vendor "Ibm" for product "Lotus Quickr Server" and version "8.0"
-
Affected