Cross-Site Scripting Vulnerability in IBM Domino iNotes
CVE-2013-4063

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino; Lotus Inotes
Vendor: CVE Published:; 21 December 2013

Summary

This vulnerability in IBM Domino's iNotes allows remote attackers to exploit email messages by injecting arbitrary web scripts or HTML due to inadequate validation of active content. Versions prior to 8.5.3 FP6 and 9.0.1 are particularly susceptible. This could lead to unauthorized actions performed by the targeted user, creating opportunities for further exploitation if malicious scripts are executed in the context of the user’s session.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21659959

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86594

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 21, 2013
Vulnerability Reserved
Jun 7, 2013