CVE-2008-3860
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1)editores WYSIWYG (2)durante la creación de un grupo local, (3) durante redireccionamientos HTML, (4) en el HTML-import, (5) en el editor Rich-text, y (6) en la página de enlace del servicio IBM Lotus Quickr 8.1 para Lotus Domino anterior al parche (Hotfix) 15, permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados, incluyendo (7) la Imported-Page. NOTA: La vulnerabilidad en el editor WYSIWYG puede ser debida a una corrección incompleta de para el CVE-2008-2163.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-29 CVE Reserved
- 2008-08-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/49772 | Vdb Entry | |
| http://osvdb.org/49776 | Vdb Entry | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | X_refsource_confirm | |
| http://www.securitytracker.com/id?1020762 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2444 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44694 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31634 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Lotus Quickr Search vendor "Ibm" for product "Lotus Quickr" | 8.1 Search vendor "Ibm" for product "Lotus Quickr" and version "8.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Lotus Quickr Search vendor "Ibm" for product "Lotus Quickr" | 8.1 Search vendor "Ibm" for product "Lotus Quickr" and version "8.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | I5os Search vendor "Ibm" for product "I5os" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Lotus Quickr Search vendor "Ibm" for product "Lotus Quickr" | 8.1 Search vendor "Ibm" for product "Lotus Quickr" and version "8.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Nt Search vendor "Microsoft" for product "Windows Nt" | * | - |
Safe
|