CVE-2008-1216

EPSS 0.85%
Veröffentlicht 09.03.2008 02:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Lotus Quickr Server Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.728

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/29072

http://securityreason.com/securityalert/3721

http://www.securityfocus.com/archive/1/488620/100/100/threaded

http://www.securityfocus.com/bid/27925

http://www.vupen.com/english/advisories/2008/0667

https://nvd.nist.gov/vuln/detail/CVE-2008-1216

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1216

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1216

EUVD