Cross-Site Scripting Vulnerability in IBM iNotes
CVE-2017-1327
6.1MEDIUM
Summary
IBM iNotes versions 8.5 and 9.0 are subject to a cross-site scripting vulnerability that allows attackers to insert arbitrary JavaScript code into the Web UI. This exploitation can enable unauthorized actions and lead to the disclosure of user credentials within an active session. Ensuring the application is updated and employing additional security measures can mitigate risks associated with this vulnerability.
Affected Version(s)
iNotes 9.0
iNotes 8.5.3
iNotes 8.5.2
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved