Ibm Lotus Inotes vulnerabilities

19 known vulnerabilities affecting ibm/lotus_inotes.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL5HIGH2MEDIUM7LOW5

Vulnerabilities

Page 1 of 1

CVE-2016-0282MEDIUMCVSS 5.4v8.5.0.0v8.5.0.1+18 more2016-11-24

CVE-2016-0282 [MEDIUM] CWE-79 CVE-2016-0282: Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authentica Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS.

nvd

CVE-2014-0913MEDIUMCVSS 4.3v8.5.3.6v9.0.1.02014-05-09

CVE-2014-0913 [MEDIUM] CWE-79 CVE-2014-0913: Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 bef Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.

nvd

CVE-2013-4063MEDIUMCVSS 4.3v8.5.3.0v8.5.3.1+5 more2013-12-21

CVE-2013-4063 [MEDIUM] CWE-79 CVE-2013-4063: Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.

nvd

CVE-2013-4064LOWCVSS 2.1v8.5.3.0v8.5.3.1+5 more2013-12-21

CVE-2013-4064 [LOW] CWE-79 CVE-2013-4064: Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA.

nvd

CVE-2013-4065LOWCVSS 2.6v8.5.3.0v8.5.3.1+5 more2013-12-21

CVE-2013-4065 [LOW] CWE-79 CVE-2013-4065: Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.

nvd

CVE-2013-0595MEDIUMCVSS 4.3v8.5.0.0v8.5.1.0+2 more2013-08-27

CVE-2013-0595 [MEDIUM] CWE-79 CVE-2013-0595: Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8 Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.

nvd

CVE-2013-0590LOWCVSS 3.5v8.5.0.0v8.5.1.0+2 more2013-08-27

CVE-2013-0590 [LOW] CWE-79 CVE-2013-0590: Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 al Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.

nvd

CVE-2013-0591LOWCVSS 3.5v8.5.0.0v8.5.1.0+2 more2013-08-27

CVE-2013-0591 [LOW] CVE-2013-0591: Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 al Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.

nvd

CVE-2013-0536HIGHCVSS 7.2v8.5.2.0v8.5.3.02013-06-21

CVE-2013-0536 [HIGH] CWE-264 CVE-2013-0536: ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8. ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.

nvd

CVE-2012-5943MEDIUMCVSS 4.3v8.5.0.0v8.5.0.1+13 more2013-03-26

CVE-2012-5943 [MEDIUM] CWE-79 CVE-2012-5943: Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted r Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.

nvd

CVE-2013-0525LOWCVSS 1.5v8.5.0.0v8.5.0.1+13 more2013-03-26

CVE-2013-0525 [LOW] CWE-79 CVE-2013-0525: Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.

nvd

CVE-2012-2175CRITICALCVSS 9.3PoCv8.5.0.0v8.5.0.1+12 more2012-06-20

CVE-2012-2175 [CRITICAL] CWE-119 CVE-2012-2175: Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lot Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.

nvd

CVE-2010-0918CRITICALCVSS 10.0≤ 229.271v229.011+21 more2010-03-03

CVE-2010-0918 [CRITICAL] CVE-2010-0918: Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.

nvd

CVE-2010-0919HIGHCVSS 7.6≤ 229.271v229.011+21 more2010-03-03

CVE-2010-0919 [HIGH] CWE-119 CVE-2010-0919: Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

nvd

CVE-2010-0921MEDIUMCVSS 6.8≤ 229.271v229.011+21 more2010-03-03

CVE-2010-0921 [MEDIUM] CWE-352 CVE-2010-0921: Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) b Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

nvd

CVE-2010-0920MEDIUMCVSS 4.3≤ 229.271v229.011+21 more2010-03-03

CVE-2010-0920 [MEDIUM] CWE-79 CVE-2010-0920: Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 2 Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

nvd

CVE-2010-0274CRITICALCVSS 10.0≤ 229.231v229.011+17 more2010-01-09

CVE-2010-0274 [CRITICAL] CVE-2010-0274: Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Dom Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.

nvd

CVE-2009-4594CRITICALCVSS 10.0≤ 229.111v229.011+6 more2010-01-09

CVE-2009-4594 [CRITICAL] CVE-2009-4594: Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domi Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.

nvd

CVE-2010-0275CRITICALCVSS 10.0≤ 229.231v229.011+17 more2010-01-09

CVE-2010-0275 [CRITICAL] CVE-2010-0275: Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.

nvd