Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Connections | 2.5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40007Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47214
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47362
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47921
- http://www.vupen.com/english/advisories/2010/1281PatchVendor Advisory
- http://secunia.com/advisories/40007Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47214
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47362
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47921
- http://www.vupen.com/english/advisories/2010/1281PatchVendor Advisory
FAQ
What is CVE-2010-2277?
CVE-2010-2277 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in t...
How severe is CVE-2010-2277?
CVE-2010-2277 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2277?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Connections.