CVE-2010-0714

Published

12 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:ibm:websphere_portal:5.1.0.3:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.0.4:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.3:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.0.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.1.5.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:5.1.0.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.0.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:5.1.0.4:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.4:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.5:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:5.1.0.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.0.3:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.6:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.7:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:5.1.0.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:5.1.0.5:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.1.0.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.0.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.0.1.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.1.0.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:websphere_portal:6.1.0.3:::::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1	Yes	-	-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5	Yes	-	-
cpe:2.3:a:ibm:lotus_quickr:8.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_quickr:8.0:::::::*	Yes	-	-
cpe:2.3:a:ibm:lotus_quickr:8.1.1:::::::*	Yes	-	-

References

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni to scan their assets for vulnerabilities. Mageni is free for 7-days then $39 USD Monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Developed and supported by certified CompTIA PenTest+ professionals. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free

CVE-2010-0714

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Get started for free to scan for vulnerabilities

Product

Customer Service

Company

Compliance

CVE-2010-0714

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References

Get started for free to scan for vulnerabilities