XSS in Ibm Lotus_inotes

CVE-2012-5943

Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (46.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_inotes — versions 8.5.0.0, 8.5.0.1, 8.5.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

inotes-mail-xss(80538) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)