CVE Vulnerability

CVE-2008-2410

Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21303296
http://secunia.com/advisories/30310 Vendor Advisory
http://secunia.com/advisories/30332 Vendor Advisory
http://www.securityfocus.com/bid/29311
http://www.vupen.com/english/advisories/2008/1597
https://exchange.xforce.ibmcloud.com/vulnerabilities/42553
Configurations

Configuration 1

cpe:2.3:a:ibm:lotus_domino_web_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_server:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_server:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_server:7.0.1:*:*:*:*:*:*:*
Information

Published : 2008-05-22 01:09

Updated : 2017-08-08 01:31

NVD link : CVE-2008-2410

Mitre link : CVE-2008-2410

Products Affected
No products.
CWE
CWE-79