CVE-2009-3114

CWE-94Code Injection3 documents3 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Notes
Timeline
PublishedSep 9
Latest updateMay 2

Description

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p548-q955-gcwg: The RSS reader widget in IBM Lotus Notes 82022-05-02
CVEList
CVE-2009-3114: The RSS reader widget in IBM Lotus Notes 82009-09-09
CVE-2009-3114 (HIGH CVSS 7.5) | The RSS reader widget in IBM Lotus | cvebase.io