CVE-2010-0357 : Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Cont

Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Published 2010-01-20 16:30:00

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2010-0357

IBM » Lotus Web Content Management » Version: 6.0.1.4
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Web Content Management » Version: 6.0.1.5
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Web Content Management » Version: 6.0.1.6
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Web Content Management » Version: 6.1.0.1
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Web Content Management » Version: 6.1.0.2
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0357

EPSS FAQ

0.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0357

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2010-0357

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0357

http://www.vupen.com/english/advisories/2010/0149

Webmail | OVH- OVH
Vendor Advisory
http://securitytracker.com/id?1023463

IBM Lotus Web Content Management Input Validation Flaw in Login Page Permits Cross-Site Scripting Attacks - SecurityTracker
http://www.osvdb.org/61711

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/55663

IBM Lotus Web Content Management login page cross-site scripting CVE-2010-0357 Vulnerability Report
http://www.securityfocus.com/bid/37825

IBM Lotus Web Content Management Login Page Cross Site Scripting Vulnerability
http://secunia.com/advisories/38174

Sign in
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM03233

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg1PM04647

IBM PM04647: WCM CUMULATIVE IFIX 32 FOR 6.0.1.4, 6.0.1.5, 6.0.1.6
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM02704

IBM PM02704: WCM CUMULATIVE IFIX 24 FOR WCM V6.1.0.X
Patch

Jump to

Vulnerability Details : CVE-2010-0357

Products affected by CVE-2010-0357

Exploit prediction scoring system (EPSS) score for CVE-2010-0357

CVSS scores for CVE-2010-0357

CWE ids for CVE-2010-0357

References for CVE-2010-0357