Unrated severityNVD Advisory· Published Dec 19, 2012· Updated Jun 16, 2026
CVE-2012-4848
CVE-2012-4848
Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.
Affected products
5cpe:2.3:a:ibm:lotus_foundations_start:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:lotus_foundations_start:*:*:*:*:*:*:*:*range: <=1.2.2
- cpe:2.3:a:ibm:lotus_foundations_start:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_foundations_start:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_foundations_start:1.2:*:*:*:*:*:*:*
- (no CPE)range: < 1.2.2c
Patches
Vulnerability mechanics
References
2- www.ibm.com/support/docview.wssnvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/79537nvd
News mentions
0No linked articles in our index yet.