CVE-2011-1038
IBM Lotus Sametime - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dave Daly · textremotemultiple
https://www.exploit-db.com/exploits/35364
References (5)
Scores
EPSS
0.0271
EPSS Percentile
85.7%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
ibm/lotus_sametime
n/a/n/a
Timeline
Published
Feb 22, 2011
Tracked Since
Feb 18, 2026