CVE-2010-2277

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.

References

http://www.vupen.com/english/advisories/2010/1281

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47921

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47362

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47214

http://www-01.ibm.com/support/docview.wss?uid=swg21431472

http://secunia.com/advisories/40007

Details

Source: Mitre, NVD

Published: 2010-06-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00463