CVE-2012-3302Cross-site Scripting in IBM Lotus Domino

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 49.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Domino
Timeline
PublishedAug 21
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_domino24 versions+23

🔴Vulnerability Details

2
GHSA
GHSA-35g9-4fjq-g938: Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 72022-05-17
CVEList
CVE-2012-3302: Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 72012-08-21
CVE-2012-3302 — Cross-site Scripting in IBM | cvebase