Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2010-0714
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2 |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_quickr:8.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:ibm:lotus_quickr:8.1.1:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21421469
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233
- http://www.hacktics.com/content/advisories/AdvIBM20100224.html
- http://www.securityfocus.com/bid/38412
- http://www.securitytracker.com/id?1023660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56508
- http://www.securityfocus.com/archive/1/509744/100/0/threaded