CVE-2008-5011

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46463

http://www.vupen.com/english/advisories/2008/3081

http://www.securityfocus.com/bid/32212

http://www-01.ibm.com/support/docview.wss?uid=swg27013341

http://secunia.com/advisories/32574

http://osvdb.org/49778

http://osvdb.org/49777

Details

Source: Mitre, NVD

Published: 2008-11-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00427