Cross-Site Scripting Vulnerabilities in IBM iNotes
CVE-2013-0525

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Inotes
Vendor: CVE Published:; 26 March 2013

Summary

Multiple cross-site scripting vulnerabilities in IBM iNotes 8.5.x enable local users to inject arbitrary web scripts or HTML into a shared mail file. This can lead to unauthorized content being executed in the context of other users, allowing potential attackers to manipulate the web interface, steal sensitive information, or perform actions on behalf of the unsuspecting users.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82542

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21628658

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 26, 2013
Vulnerability Reserved
Dec 16, 2012