Cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services

There is a potential cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services for IBM WebSphere Portal.

Secunia issued an advisory on September 28, 2009, based on APAR #LO36646. The Secunia advisory can be accessed at http://secunia.com/advisories/36899/.

This issue was originally reported to Quality Engineering and was resolved in iFix #LO36646.

LO36646 is included in the cumulative Document Manager Library iFixes available on IBM Fix Central. You can use the "APAR or SPR" search feature on Fix Central to identify and download the latest fix package that includes APAR LO36646.

---

Security rating using Common Vulnerability Scoring System (CVSS) v2

CVSS Base Score: <5> ---- Impact Subscore: <2.9> ---- Exploitability Subscore: <10> CVSS Temporal Score: <3.9> CVSS Environmental Score: <Undefined*> Overall CVSS Score: <3.9>

Base Score Metrics: Related exploit range/Attack Vector: <Network> Access Complexity: <Low> Authentication <None> Confidentiality Impact: <Partial> Integrity Impact: <None> Availability Impact: <None>

Temporal Score Metrics: Exploitability: <Proof of Concept Code> Remediation Level: <Official Fix> Report Confidence: <Confirmed>

References: CVSS v2 Complete Documentation CVSS v2 Online Calculator

*The CVSS Environment Score is customer environment-specific and will ultimately impact the overall CVSS score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.