CVE-2011-1106: XSS
First published: Tue Mar 01 2011(Updated: )
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sametime | =8.0.1 | |
| IBM Sametime | =8.0 | |
| IBM Sametime |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1106?
CVE-2011-1106 is categorized as a medium-severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2011-1106?
To fix CVE-2011-1106, update IBM Lotus Sametime to the latest version that addresses this vulnerability.
What impact does CVE-2011-1106 have on my system?
CVE-2011-1106 can allow remote attackers to inject arbitrary web scripts or HTML, compromising the security of your application.
Is my version of IBM Lotus Sametime vulnerable to CVE-2011-1106?
Versions 8.0 and 8.0.1 of IBM Lotus Sametime are vulnerable to CVE-2011-1106.
Can CVE-2011-1106 be exploited remotely?
Yes, CVE-2011-1106 can be exploited remotely by an attacker to execute malicious scripts in the context of the user’s session.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm sametime
- version/ibm sametime/8.0.1
- version/ibm sametime/8.0