XSS in Ibm Lotus_domino

CVE-2013-4065

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mai…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (46.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_domino — versions 8.5.3.0, 8.5.3.1, 8.5.3.2
Ibm Lotus_inotes — versions 8.5.3.0, 8.5.3.1, 8.5.3.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ibm-inotes-cve20134065-xss(86596) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)