VYPR
Unrated severityNVD Advisory· Published Dec 19, 2012· Updated Jun 16, 2026

CVE-2012-4848

CVE-2012-4848

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field.

Affected products

5
  • cpe:2.3:a:ibm:lotus_foundations_start:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ibm:lotus_foundations_start:*:*:*:*:*:*:*:*range: <=1.2.2
    • cpe:2.3:a:ibm:lotus_foundations_start:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_foundations_start:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_foundations_start:1.2:*:*:*:*:*:*:*
    • (no CPE)range: < 1.2.2c

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.