Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1621: Cross-site Scripting in IBM Lotus Domino

4 documents, 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 4.0% (top 11.54%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Oct 18
Latest update: Apr 29

Description

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not …

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/lotus_domino, 8 versions (+7)

Vulnerability Details (2)

GHSA
GHSA-39pc-77xc-3q8f: ** DISPUTED ** NOTE: this issue has been disputed by the vendor (2022-04-29)
CVEList
CVE-2004-1621: NOTE: this issue has been disputed by the vendor (2005-02-20)

Exploits & PoCs (1)

Exploit-DB
IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection (2004-10-18)
CVE-2004-1621: Cross-site Scripting in IBM | cvebase