Cross-Site Scripting Vulnerability in IBM iNotes
CVE-2016-5881

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Inotes
Vendor
CVE Published:
1 February 2017

Summary

IBM iNotes is impacted by a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code through the Web UI. This exploitation can manipulate the application's intended functionality, posing a risk of disclosing sensitive user credentials during a trusted session. Users interacting with affected versions need to be aware of the potential for unauthorized actions that compromise security.

Affected Version(s)

iNotes 9.0

iNotes 8.5.3

iNotes 8.5.2

References

http://www.securitytracker.com/id/1037592
vdb-entryx_refsource_SECTRACK
http://www.ibm.com/support/docview.wss?uid=swg21995122
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95459
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.