CVE-2009-3453

Name of the Vulnerable Software and Affected Versions IBM Lotus Quickr version 8.1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, specifically related to the Library template.

Recommendations For IBM Lotus Quickr version 8.1.0, consider restricting the upload of .odt files or validating filenames to prevent the injection of malicious scripts until a patch is available. As a temporary workaround, restrict access to the Library template to minimize the risk of exploitation.