IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
References
Configurations
History
21 Nov 2024, 00:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/29072 - | |
References | () http://securityreason.com/securityalert/3721 - | |
References | () http://www.securityfocus.com/archive/1/488620/100/100/threaded - | |
References | () http://www.securityfocus.com/bid/27925 - | |
References | () http://www.vupen.com/english/advisories/2008/0667 - |
Information
Published : 2008-03-09 02:44
Updated : 2025-04-09 00:30
NVD link : CVE-2008-1216
Mitre link : CVE-2008-1216
CVE.ORG link : CVE-2008-1216
JSON object : View
Products Affected
ibm
- lotus_quickr_server
CWE
CWE-20
Improper Input Validation