PT-2010-3863 · Ibm · Ibm Lotus Connections
Published
2010-06-14
·
Updated
2010-06-16
·
CVE-2010-2277
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Lotus Connections versions 2.5.x before 2.5.0.2
Description
The issue allows remote attackers to inject arbitrary web script or HTML via various components, including the create or edit form in the Communities component, the verbiage field in the Bookmarks component, or unspecified vectors related to the Mobile Blogs component.
Recommendations
For IBM Lotus Connections versions 2.5.x before 2.5.0.2, update to version 2.5.0.2 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Lotus Connections