This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

INFORMATION

Name : CVE-2008-3860 First Publication : 2008-08-29
Severity : Medium Last Modification : 2009-08-15

SCORING CVSS v2

Cvss Base Score : 4.3 Attack Range : Network
Cvss Impact Score : 2.9 Attack Complexity : Medium
Cvss Expoit Score : 8.6 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.



CWE COMMON WEAKNESS ENUMERATION

CWE-79 - Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

47872 : IBM Lotus Quickr HTML Import Function XSS.
47871 : IBM Lotus Quickr WYSIWYG Rich Text Editor XSS.
47870 : IBM Lotus Quickr Imported Page Addition XSS.
47869 : IBM Lotus Quickr Local Group Creation XSS.


SECONDARY(S) SOURCE(S)


Source : CONFIRM
Url : http://www-01.ibm.com/support/docview.wss?uid=swg27013341

Source : OSVDB
Url : http://osvdb.org/49772
Url : http://osvdb.org/49776

Source : SECTRACK
Url : http://www.securitytracker.com/id?1020762

Source : SECUNIA
Url : http://secunia.com/advisories/31634

Source : VUPEN
Url : http://www.frsirt.com/english/advisories/2008/2444

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/44694