Ibm

Lotus Connections

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-0503

  • EPSS 0.27%
  • Veröffentlicht 23.04.2013 11:47:35
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8

CVE-2011-1032

  • EPSS 0.42%
  • Veröffentlicht 15.02.2011 01:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.

4.3

CVE-2011-1030

  • EPSS 0.26%
  • Veröffentlicht 14.02.2011 22:00:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."

4.3

CVE-2010-2277

  • EPSS 0.46%
  • Veröffentlicht 15.06.2010 14:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field i...

4

CVE-2010-2278

  • EPSS 0.69%
  • Veröffentlicht 15.06.2010 14:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by snif...

7.6

CVE-2010-2279

  • EPSS 0.48%
  • Veröffentlicht 15.06.2010 14:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

4.3

CVE-2010-2280

  • EPSS 0.25%
  • Veröffentlicht 15.06.2010 14:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions,"...

4.3

CVE-2009-3816

  • EPSS 0.29%
  • Veröffentlicht 28.10.2009 10:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2009-3469

  • EPSS 2.56%
  • Veröffentlicht 29.09.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3

CVE-2008-4805

  • EPSS 0.43%
  • Veröffentlicht 31.10.2008 18:09:08
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs...