CVE-2012-4848

IBM Lotus Foundations Start <1.2.2c - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21620319

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/79537

Scores

EPSS 0.0017

EPSS Percentile 37.5%

Details

CWE

CWE-79

Status published

Products (5)

ibm/lotus_foundations_start < 1.2.2

ibm/lotus_foundations_start

n/a/n/a

Published Dec 19, 2012

Tracked Since Feb 18, 2026