CVE-2010-2277

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 35.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Connections
Timeline
PublishedJun 15
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_connections2.5.0, 2.5.0.1+1

Patches

Patch: www-01.ibm.comPatch: www.vupen.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-5vpg-7cf5-grcm: Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 22022-05-17
CVEList
CVE-2010-2277: Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 22010-06-14
CVE-2010-2277 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io