CVE-2010-2277
Published Jun 15, 2010
Last updated 14 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_connections:2.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C158C61A-ADC7-410D-93D1-25F594B089B0"
},
{
"criteria": "cpe:2.3:a:ibm:lotus_connections:2.5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F331AFF-4A81-4131-A310-E71B51157EC0"
}
],
"operator": "OR"
}
]
}
]