XSS in Ibm Domino

CVE-2015-1981

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted U…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (53.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Domino — versions 8.5.0, 8.5.1, 8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
74908 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
1032673 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)