CVE-2011-1106

Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
ibmlotus_sametime
*
ibmlotus_sametime
8.0
ibmlotus_sametime
8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html
http://secunia.com/advisories/43430
http://www.securityfocus.com/bid/46481
https://exchange.xforce.ibmcloud.com/vulnerabilities/65555
http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html
http://secunia.com/advisories/43430
http://www.securityfocus.com/bid/46481
https://exchange.xforce.ibmcloud.com/vulnerabilities/65555