CVE-2013-4065

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
2.6LOW
EPSS
0.2%
top 53.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Lotus DominoIBM Lotus Inotes
Timeline
PublishedDec 21
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDibm/lotus_domino7 versions+6
NVDibm/lotus_inotes7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-3vg7-r97c-mrmp: Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 82022-05-17
CVEList
CVE-2013-4065: Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 82013-12-21
CVE-2013-4065 (LOW CVSS 2.6) | Cross-site scripting (XSS) vulnerab | cvebase.io