CVE-2008-5011
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (también conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-11-10 CVE Reserved
- 2008-11-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/49777 | Vdb Entry | |
| http://osvdb.org/49778 | Vdb Entry | |
| http://www.securityfocus.com/bid/32212 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/3081 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46463 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32574 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Lotus Search vendor "Ibm" for product "Lotus" | <= quickr Search vendor "Ibm" for product "Lotus" and version " <= quickr" | 8.1.0.1 |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Lotus Search vendor "Ibm" for product "Lotus" | quickr Search vendor "Ibm" for product "Lotus" and version "quickr" | 8.1 |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | * | - |
Safe
|