CVE-2015-2015

CWE-79Cross-site Scripting (XSS)53 documents10 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 53.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Domino
Timeline
PublishedAug 23
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/domino8.5.3

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9fc2-rwr3-r45x: Cross-site scripting (XSS) vulnerability in pubnames2022-05-17
CVEList
CVE-2015-2015: Cross-site scripting (XSS) vulnerability in pubnames2015-08-23

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution flaws (APSB15-19)2015-08-12

🕵️Threat Intelligence

2
Krebs
Third Hacking Team Flash Zero-Day Found2015-07-14
Krebs
Yet Another Flash Patch Fixes Zero-Day Flaw – Krebs on Security2015-02-01

💬Community

11
Bugzilla
CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher [fedora-24]2017-04-20
Bugzilla
CVE-2015-5162 openstack-glance: openstack-nova/glance/cinder: Malicious image may exhaust resources [fedora-all]2016-10-07
Bugzilla
CVE-2015-0855 pitivi: insecure use of os.system() [fedora-all]2016-01-04
Bugzilla
CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference2015-12-10
Bugzilla
CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [epel-7]2015-12-02
CVE-2015-2015 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io