Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1038

CWE-79Cross-site Scripting (XSS)9 documents6 sources
Severity
4.3MEDIUM
EPSS
2.7%
top 14.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Sametime
Timeline
PublishedFeb 22
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-64wx-9889-v8xp: Multiple cross-site scripting (XSS) vulnerabilities in stconf2022-05-14
CVEList
CVE-2011-1038: Multiple cross-site scripting (XSS) vulnerabilities in stconf2011-02-22

💥Exploits & PoCs

2
Exploit-DB
Netmechanica NetDecision Dashboard Server - Information Disclosure2012-02-29
Exploit-DB
IBM Lotus Sametime - '/stconf.nsf/WebMessage?messageString' Cross-Site Scripting2011-02-21

🔍Detection Rules

2
Suricata
ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt2011-03-01
Suricata
ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt2011-03-01

💬Community

2
Bugzilla
CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation2011-01-12
Bugzilla
CVE-2011-0402 dpkg: arbitrary file modification via symlink attack2011-01-12
CVE-2011-1038 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io