Description
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oren Hafif · text · webapps · jsp
https://www.exploit-db.com/exploits/33675
References (7)
Core References
http://www.hacktics.com/content/advisories/AdvIBM20100224.html [Exploit; x_refsource_misc]
https://exchange.xforce.ibmcloud.com/vulnerabilities/56508 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf]
http://www.securitytracker.com/id?1023660 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack]
http://www.securityfocus.com/archive/1/509744/100/0/threaded [Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq]
http://www-01.ibm.com/support/docview.wss?uid=swg21421469 [Patch, Vendor Advisory; x_refsource_confirm]
http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233 [Various Sources; vendor-advisory; x_refsource_aixapar]
http://www.securityfocus.com/bid/38412 [Exploit; vdb-entry; x_refsource_bid]
Scores
EPSS: 0.0084
EPSS Percentile: 74.8%
Details
CWE: CWE-79
Status: published
Products (50)
ibm/lotus_quickr 8.0
ibm/lotus_quickr 8.0.0.2
ibm/lotus_quickr 8.1
ibm/lotus_quickr 8.1.1
ibm/lotus_quickr 8.1.1.1
ibm/lotus_web_content_management 5.1.0.0
ibm/lotus_web_content_management 5.1.0.1
ibm/lotus_web_content_management 5.1.0.2
ibm/lotus_web_content_management 5.1.0.3
ibm/lotus_web_content_management 5.1.0.4
... and 40 more
Published: Feb 26, 2010
Tracked Since: Feb 18, 2026