Published: 21/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x prior to 8.5.4 allow remote malicious users to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm lotus domino 7.0.1
ibm lotus domino 7.0.4.1
ibm lotus domino 7.0.4.2
ibm lotus domino 7.0.2.2
ibm lotus domino 7.0.3.1
ibm lotus domino 7.0.3.0
ibm lotus domino 7.0.4.0
ibm lotus domino 7.0.2
ibm lotus domino 7.0.1.1
ibm lotus domino 8.5.1.5
ibm lotus domino 8.5.2.0
ibm lotus domino 8.5.3.2
ibm lotus domino 8.5.1.1
ibm lotus domino 8.5.1.2
ibm lotus domino 8.5.2.3
ibm lotus domino 8.5.2.4
ibm lotus domino 8.5.1.3
ibm lotus domino 8.5.1.4
ibm lotus domino 8.5.3.0
ibm lotus domino 8.5.3.1
ibm lotus domino 8.5.0
ibm lotus domino 8.5.0.1
ibm lotus domino 8.5.2.1
ibm lotus domino 8.5.2.2

Lotus Domino versions 854 and below suffer from multiple cross site scripting vulnerabilities ...

CWE-79 http://websecurity.com.ua/5839/http://www-01.ibm.com/support/docview.wss?uid=swg21608160 https://exchange.xforce.ibmcloud.com/vulnerabilities/77401 https://nvd.nist.gov https://packetstormsecurity.com/files/120963/Lotus-Domino-8.5.4-Cross-Site-Scripting.html

CVE-2012-3302

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect