Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0714

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.3MEDIUM
EPSS
2.1%
top 16.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
IBM Lotus QuickrIBM Lotus WEB Content ManagementIBM Lotus Workplace WEB Content Management+1 more
Timeline
PublishedFeb 26
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDibm/lotus_quickr5 versions+4
NVDibm/websphere_portal24 versions+23

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-p5jg-vgvr-v22f: Cross-site scripting (XSS) vulnerability in login2022-05-02
CVEList
CVE-2010-0714: Cross-site scripting (XSS) vulnerability in login2010-02-26

💥Exploits & PoCs

2
Exploit-DB
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (MS03-046) (Metasploit)2010-11-11
Exploit-DB
IBM (Multiple Products) - Login Page Cross-Site Scripting2010-02-25
CVE-2010-0714 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io