Security Risk with Fix Available: Web Content Management login page vulnerable to cross site scripting attacks, also affects WebSphere Portal and Quickr services for WebSphere Portal

Well worth working around or installing fix ASAP.
Abstract
A script can be injected into a URL pointing at a vulnerable login page. This URL could be sent to users (such as in a phishing mail). Users following this link would be executing the injected script.
Content
A vulnerability has been reported to IBM by Hacktics, Ltd., describing that the login page of the IBM Lotus Workplace Web Content Management is susceptible to Reflected Cross Site Scripting attacks.
Affected Systems: All Web Content Management systems and all WebSphere Portal installations are affected even if the Web Content Management component is not active. IBM Lotus Quickr Services for WebSphere Portal is also affected.
By: Stuart McIntyre - Quickr Blog | 0 Comments | On: 1 March 2010 05:14:16 | Tags: quickr portal





