INFORMATION

Name : CVE-2008-3860 First Publication : 2008-08-29
Severity : Medium Last Modification : 2008-09-02

SCORING CVSS v2

Cvss Base Score : 4.3 Attack Range : Network
Cvss Impact Score : 2.9 Attack Complexity : Medium
Cvss Expoit Score : 8.6 Authentification : None Required

DETAIL

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.


MORE INFORMATIONS

If you login, you will see more informations about this alert including :

4 Secondary sources

Your browser must accept cookie for login.

Login : Password: Captcha :
Remember me ?
if you can not read it, please refresh the page

If you don't have a login, register for FREE.