CVE-2010-0357 — Cross-site Scripting in IBM Lotus WEB Content Management

CWE-79 — Cross-site Scripting14 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 29.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus WEB Content Management

Timeline

PublishedJan 20

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/lotus_web_content_management5 versions+4

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6j4v-9f2q-v33c: Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6↗2022-05-02

▶

CVEList

CVE-2010-0357: Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6↗2010-01-20

▶

💬Community

Bugzilla

CVE-2010-4447 JDK unspecified vulnerability in Deployment component↗2011-02-16

▶

Bugzilla

CVE-2010-4422 JDK unspecified vulnerability in Deployment component↗2011-02-16

▶

Bugzilla

CVE-2010-4462 JDK unspecified vulnerability in Sound component↗2011-02-16

▶

Bugzilla

CVE-2010-4452 JDK unspecified vulnerability in Deployment component↗2011-02-16

▶

Bugzilla

CVE-2010-4454 JDK unspecified vulnerability in Sound component↗2011-02-16

▶