XSS in Ibm Lotus_quickr

CVE-2010-0714

Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_quickr — versions 8.0, 8.0.0.2, 8.1.1.1
Ibm Lotus_web_content_management — versions 6.1.0.0, 5.1.0.1, 6.0.0.0
Ibm Lotus_workplace_web_content_management — versions 6.1.0.0, 5.1.0.1, 6.0.0.0
Ibm Websphere_portal — versions 6.1.0.0, 5.1.0.1, 6.0.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
PM03233 (vendor-advisory, x_refsource_AIXAPAR)
cve@mitre.org (Exploit, x_refsource_MISC)
20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM (mailing-list, x_refsource_BUGTRAQ)
38412 (Exploit, vdb-entry, x_refsource_BID)
1023660 (vdb-entry, x_refsource_SECTRACK)
ibm-login-xss(56508) (vdb-entry, x_refsource_XF)