CVE-2010-4590

IBM Lotus Mobile Connect < 6.1.3 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1024871

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IZ77536

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg27020327

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/3209

Scores

EPSS 0.0026

EPSS Percentile 48.7%

Classification

CWE

CWE-79

Status published

Affected Products (5)

ibm/lotus_mobile_connect < 6.1.3

ibm/lotus_mobile_connect

n/a/n/a

Timeline

Published Dec 22, 2010

Tracked Since Feb 18, 2026