CVE-2014-0884
published 2014-03-25CVE-2014-0884: Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated…
PriorityP412low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
0.76%
50.6th percentile
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_protector_for_mail_security | — | — |
| ibm | lotus_protector_for_mail_security | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
IBM Lotus Protector for Mail Security up to 2.7 cross site scripting (Nessus ID 74121 / ID 123083)
vuldb·2026-05-09·CVSS 3.5
CVE-2014-0884 [LOW] IBM Lotus Protector for Mail Security up to 2.7 cross site scripting (Nessus ID 74121 / ID 123083)
A vulnerability was found in IBM Lotus Protector for Mail Security up to 2.7. It has been rated as problematic. The affected element is an unknown function. This manipulation causes cross site scripting.
This vulnerability is tracked as CVE-2014-0884. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
GHSA
GHSA-3599-v669-h9pj: Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2
ghsa_unreviewed·2022-05-17
CVE-2014-0884 [LOW] CWE-79 GHSA-3599-v669-h9pj: Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-25
Published