XSS Vulnerability in IBM Domino Web Server Product
CVE-2015-2015

Currently unrated

Key Information:

Vendor: IBM
Status: Domino
Vendor: CVE Published:; 23 August 2015

What is CVE-2015-2015?

A cross-site scripting (XSS) vulnerability exists in the pubnames.ntf (Directory template) of the web server in IBM Domino prior to version 9.0.0. This flaw permits remote attackers to inject arbitrary web scripts or HTML via specially crafted URLs, thereby compromising the web application’s integrity and user security. Exploitation of this vulnerability can lead to unauthorized actions being performed on behalf of users, impacting their data and privacy.

References

http://www.securitytracker.com/id/1033271

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21963016

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2015
Vulnerability Reserved
Feb 19, 2015