CVE-2008-3860

CVE Database · CVE-2008-3860

CVE-2008-3860

· N/AModified

CVSS v3.1

N/A

EPSS

1.26%

Published

Aug 29, 2008

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Weaknesses (CWE)

CWE-79

Affected Products (4)

ibm · aix

ibm · i5os

microsoft · windows_nt

ibm · lotus_quickrvulnerable

References (14)

http://osvdb.org/49772

http://osvdb.org/49776

http://secunia.com/advisories/31634

Vendor Advisory