Cross-Site Scripting Vulnerability in IBM Domino iNotes
CVE-2013-4065

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino; Lotus Inotes
Vendor: CVE Published:; 21 December 2013

Summary

A cross-site scripting vulnerability resides in the iNotes feature of IBM Domino, allowing attackers to inject arbitrary web scripts or HTML through active content in email messages. This weakness is particularly significant when ultra-light mode is enabled, potentially enabling unauthorized access to sensitive information or execution of malicious scripts on the user’s web browser. This vulnerability primarily affects versions of IBM Domino prior to 8.5.3 FP6 and 9.0.1, necessitating immediate updating to secure user data from exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86596

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21659959

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 21, 2013
Vulnerability Reserved
Jun 7, 2013