Cross-Site Scripting Vulnerability in IBM Lotus Notes 8.x and 9.0
CVE-2013-0538

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 1 May 2013

Summary

A Cross-Site Scripting (XSS) vulnerability exists in IBM Lotus Notes versions prior to 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application. It specifically exploits vulnerabilities present in HTML email messages, where an attacker can craft a malicious SCRIPT element. If unsuspecting users open such manipulated emails, they may inadvertently execute the attacker's scripts, leading to potential data theft or compromise of sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/83270

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/912420

third-party-advisoryx_refsource_CERT-VN

http://www-01.ibm.com/support/docview.wss?uid=swg21633819

x_refsource_CONFIRM

Timeline

Vulnerability published
May 1, 2013
Vulnerability Reserved
Dec 16, 2012