Cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services
There is a potential cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services for IBM WebSphere Portal.
Secunia issued an advisory on September 28, 2009, based on APAR #LO36646. The Secunia advisory can be accessed at http://secunia.com/advisories/36899/.
Resolving the problem
This issue was originally reported to Quality Engineering and was resolved in iFix #LO36646.
LO36646 is included in the cumulative Document Manager Library iFixes available on IBM Fix Central. You can use the "APAR or SPR" search feature on Fix Central to identify and download the latest fix package that includes APAR LO36646.
|Security rating using Common Vulnerability Scoring System (CVSS) v2|
|CVSS Base Score: <5>
---- Impact Subscore: <2.9>
---- Exploitability Subscore: <10>
CVSS Temporal Score: <3.9>
CVSS Environmental Score: <Undefined*>
Overall CVSS Score: <3.9>
|Base Score Metrics:
|Temporal Score Metrics:
*The CVSS Environment Score is customer environment-specific and will ultimately impact the overall CVSS score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
More support for:
Lotus End of Support Products
Lotus Quickr for WebSphere Portal
Software version: 8.0, 8.1
Operating system(s): AIX, Linux, Windows
Reference #: 1405163
Modified date: 2009-12-07