XSS in Ibm Lotus_domino
CVE-2014-0913
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (50.4th percentile) — read the EPSS interpretation.
Affected products
- Ibm Lotus_domino — versions 8.5.3.6, 9.0.1.0
- Ibm Lotus_inotes — versions 8.5.3.6, 9.0.1.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 1030215 (vdb-entry, x_refsource_SECTRACK)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- ibm-inotes-cve20140913-xss(91880) (vdb-entry, x_refsource_XF)