Unrated severityNVD Advisory· Published Aug 29, 2008· Updated Apr 23, 2026

CVE-2008-3860

Description

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

Affected products

IBM/Lotus Quickr
cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31634nvdVendor Advisory
osvdb.org/49772nvd
osvdb.org/49776nvd
www-01.ibm.com/support/docview.wssnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/2444nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44694nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000