CVE-2008-0834

IBM Lotus Quickr - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

[Vendor Advisory] http://secunia.com/advisories/29004

[Patch] http://www-1.ibm.com/support/docview.wss?uid=swg24016411

[Patch] http://www.securityfocus.com/bid/27840

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019431

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0590

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

ibm/lotus_quickr

Timeline

Published Feb 20, 2008

Tracked Since Feb 18, 2026