XSS in Ibm Lotus_notes

CVE-2013-0538

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (67.6th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes — versions 8.0, 8.0.0, 8.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ibm-notes-javascript-tags(83270) (vdb-entry, x_refsource_XF)
VU#912420 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)