Cross-Site Scripting in IBM Lotus iNotes by IBM
CVE-2010-0920

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Inotes
Vendor: CVE Published:; 3 March 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in IBM Lotus iNotes, allowing remote attackers to inject arbitrary web scripts or HTML into the application. This vulnerability arises from insufficient checks for certain web filters and referer validation, posing a risk to the security of web interactions within Lotus iNotes. Attackers could exploit this flaw to execute harmful scripts in users' browsers, potentially leading to unauthorized access or data exposure.

References

http://www.vupen.com/english/advisories/2010/0496

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/38459

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg27018109

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 3, 2010