cve-2008-5011
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
References
cve@mitre.orghttp://osvdb.org/49777
cve@mitre.orghttp://osvdb.org/49778
cve@mitre.orghttp://secunia.com/advisories/32574Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg27013341Patch
cve@mitre.orghttp://www.securityfocus.com/bid/32212
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3081
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46463
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49777
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49778
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32574Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg27013341Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32212
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46463
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-3081",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3081"
          },
          {
            "name": "32574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32574"
          },
          {
            "name": "lotus-quickr-multiple-unspecified-xss(46463)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
          },
          {
            "name": "32212",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32212"
          },
          {
            "name": "49778",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49778"
          },
          {
            "name": "49777",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-3081",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3081"
        },
        {
          "name": "32574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32574"
        },
        {
          "name": "lotus-quickr-multiple-unspecified-xss(46463)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
        },
        {
          "name": "32212",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32212"
        },
        {
          "name": "49778",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49778"
        },
        {
          "name": "49777",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-3081",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3081"
            },
            {
              "name": "32574",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32574"
            },
            {
              "name": "lotus-quickr-multiple-unspecified-xss(46463)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
            },
            {
              "name": "32212",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32212"
            },
            {
              "name": "49778",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49778"
            },
            {
              "name": "49777",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49777"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5011",
    "datePublished": "2008-11-10T15:00:00",
    "dateReserved": "2008-11-10T00:00:00",
    "dateUpdated": "2024-08-07T10:40:17.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus:*:8.1.0.1:*:*:*:*:*:*\", \"versionEndIncluding\": \"quickr\", \"matchCriteriaId\": \"590D5871-EB1A-41F1-8F14-1D179BFB35FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus:quickr:8.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D4EDB39-5BF2-44DF-9E1B-341B7117643E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE9179CA-5855-4F19-BAA6-D0A6DF468B9B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\\u00f3n mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (tambi\\u00e9n conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860.\"}]",
      "id": "CVE-2008-5011",
      "lastModified": "2024-11-21T00:53:04.123",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-11-10T15:23:24.517",
      "references": "[{\"url\": \"http://osvdb.org/49777\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/49778\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/32574\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg27013341\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/32212\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3081\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46463\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/49777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/49778\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32574\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg27013341\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/32212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5011\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-11-10T15:23:24.517\",\"lastModified\":\"2024-11-21T00:53:04.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (tambi\u00e9n conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus:*:8.1.0.1:*:*:*:*:*:*\",\"versionEndIncluding\":\"quickr\",\"matchCriteriaId\":\"590D5871-EB1A-41F1-8F14-1D179BFB35FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus:quickr:8.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D4EDB39-5BF2-44DF-9E1B-341B7117643E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE9179CA-5855-4F19-BAA6-D0A6DF468B9B\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/49777\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/49778\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32574\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27013341\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/32212\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3081\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46463\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/49777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/49778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27013341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/32212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.