CVE-2011-1106

{"id": "CVE-2011-1106", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-03-01T23:00:03.190", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43430", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46481", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43430", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46481", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en stcenter.nsf en el servidor de IBM Lotus Sametime, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro authReasonCode en una acci\u00f3n OpenDatabase."}], "lastModified": "2024-11-21T01:25:32.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AB3B1EB-D028-4416-886F-77D784CBDB91"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6200D391-5317-4CF5-828F-5FB68C3B45E2"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71EB8C02-5EA3-4E16-8834-064AE4208BAA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}