Dennis' Domino Blog

IBM Lotus Web Content Management Login Page Cross Site Scripting Vulnerability

01/15/10 21:10, by Dennis van Remortel, Categories: IBM, Lotus, security

Another vulnerability via SecurityFocus:

Bugtraq ID: 	37825
Class:		Input Validation Error
CVE: 	
Remote: 	Yes
Local: 		No
Published: 	Jan 14 2010 12:00AM
Updated: 	Jan 15 2010 03:21PM
Credit: 	IBM
Vulnerable: 
		IBM Lotus Web Content Management 6.1 2
		IBM Lotus Web Content Management 6.1 1
		IBM Lotus Web Content Management 6.0.1 6
		IBM Lotus Web Content Management 6.0.1 5
		IBM Lotus Web Content Management 6.0.1 4


IBM Lotus Web Content Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects IBM Lotus Web Content Management 6.1.0.1, 6.1.0.2, 6.0.1.4, 6.0.1.5, and 6.0.1.6. 


IBM Links: 1 and 2

