4.3

CVE-2010-0357

Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmLotus Web Content Management Version6.0.1.4
IbmLotus Web Content Management Version6.0.1.5
IbmLotus Web Content Management Version6.0.1.6
IbmLotus Web Content Management Version6.1.0.1
IbmLotus Web Content Management Version6.1.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/38174
Vendor Advisory
http://securitytracker.com/id?1023463
http://www-01.ibm.com/support/docview.wss?uid=swg1PM02704
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg1PM03233
http://www-01.ibm.com/support/docview.wss?uid=swg1PM04647
Vendor Advisory
http://www.osvdb.org/61711
http://www.securityfocus.com/bid/37825
http://www.vupen.com/english/advisories/2010/0149
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55663