Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1106

Severity
4.3 MEDIUM
EPSS
1.4%
top 19.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Mar 1
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: ibm/lotus_sametime 8.0, 8.0.1 +1

Vulnerability Details

2
GHSA
GHSA-qj78-2g8g-r26x: Cross-site scripting (XSS) vulnerability in stcenter (2022-05-17)
CVEList
CVE-2011-1106: Cross-site scripting (XSS) vulnerability in stcenter (2011-03-01)

Exploits & PoCs

1
Exploit-DB
IBM Lotus Sametime Server 8.0 - 'stcenter.nsf' Cross-Site Scripting (2011-02-22)

Community

1
Bugzilla
CVE-2011-1764 exim: improper format string handling in DKIM signatures (2011-05-05)