XSS in Ibm Domino

CVE-2015-2015

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (46.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Domino
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1033271 (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)