Vulnerabilities > IBM > Lotus Connections > 1.0.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-04-23 | CVE-2013-0503 | Cross-Site Scripting vulnerability in IBM Lotus Connections Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-10-31 | CVE-2008-4808 | Information Exposure vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. | 5.0 |
2008-10-31 | CVE-2008-4807 | Credentials Management vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2008-10-31 | CVE-2008-4806 | SQL Injection vulnerability in IBM Lotus Connections Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. | 7.5 |
2008-10-31 | CVE-2008-4805 | Cross-Site Scripting vulnerability in IBM Lotus Connections Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. | 4.3 |