Vulnerabilities > IBM > Lotus Connections
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-04-23 | CVE-2013-0503 | Cross-Site Scripting vulnerability in IBM Lotus Connections Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-02-15 | CVE-2011-1032 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Connections 3.0 IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | 6.8 |
2011-02-14 | CVE-2011-1030 | Cross-Site Scripting vulnerability in IBM Lotus Connections 3.0 Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." | 4.3 |
2010-06-15 | CVE-2010-2280 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. network ibm | 4.3 |
2010-06-15 | CVE-2010-2279 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. | 7.6 |
2010-06-15 | CVE-2010-2278 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | 4.0 |
2010-06-15 | CVE-2010-2277 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0/2.5.0.1 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. | 4.3 |
2009-10-28 | CVE-2009-3816 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-29 | CVE-2009-3469 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1 Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2008-10-31 | CVE-2008-4809 | Remote vulnerability in IBM Lotus Connections 2.0 Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. | 10.0 |