Ibm Inotes vulnerabilities

CVE-2017-1659 [MEDIUM] CWE-79 CVE-2017-1659: "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."

CVE-2013-0589 [HIGH] CWE-200 CVE-2013-0589: IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

CVE-2013-0592 [MEDIUM] CWE-79 CVE-2013-0592: Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.

CVE-2013-0594 [MEDIUM] CWE-601 CVE-2013-0594: Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

CVE-2017-1421 [MEDIUM] CWE-79 CVE-2017-1421: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2017-1129 [MEDIUM] CVE-2017-1129: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a mal IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

CVE-2017-1130 [MEDIUM] CVE-2017-1130: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a mal IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

CVE-2017-1327 [MEDIUM] CWE-79 CVE-2017-1327: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.

CVE-2017-1332 [MEDIUM] CWE-79 CVE-2017-1332: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.

CVE-2017-1214 [MEDIUM] CWE-200 CVE-2017-1214: IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that whe IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

CVE-2017-1325 [MEDIUM] CWE-79 CVE-2017-1325: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.

CVE-2016-9990 [MEDIUM] CWE-79 CVE-2016-9990: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824.

CVE-2016-5883 [MEDIUM] CWE-79 CVE-2016-5883: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.

CVE-2016-2938 [MEDIUM] CWE-79 CVE-2016-2938: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-2939 [MEDIUM] CWE-79 CVE-2016-2939: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-6113 [MEDIUM] CWE-79 CVE-2016-6113: IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-5882 [MEDIUM] CWE-79 CVE-2016-5882: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-5880 [MEDIUM] CWE-79 CVE-2016-5880: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-5884 [MEDIUM] CWE-79 CVE-2016-5884: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-5881 [MEDIUM] CWE-79 CVE-2016-5881: IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.