CVE-2008-3860

Name of the Vulnerable Software and Affected Versions IBM Lotus Quickr 8.1 services for Lotus Domino versions prior to Hotfix 15

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in various components, including WYSIWYG editors, local group creation, HTML redirects, HTML import, Rich text editor, and link-page. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unknown vectors. One of the affected areas is the Imported Page.

Recommendations For IBM Lotus Quickr 8.1 services for Lotus Domino versions prior to Hotfix 15, apply Hotfix 15 to resolve the issue. As a temporary workaround, consider restricting access to the WYSIWYG editors and other affected components to minimize the risk of exploitation. Avoid using the Rich text editor and link-page features until the issue is resolved.