Lucene search

MitreCVE-2010-0920

HistoryMar 03, 2010 - 7:30 p.m.

CVE-2010-0920

2010-03-0319:30:00

CWE-79

mitre

web.nvd.nist.gov

ibm

lotus

inotes

xss

vulnerability

domino

web access

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of “XSS/CSRF Get Filter and Referer Check fixes.”

Affected configurations

Nvd

Node

ibmlotus_inotesRange≤229.271

ibmlotus_inotesMatch229.011

ibmlotus_inotesMatch229.021

ibmlotus_inotesMatch229.031

ibmlotus_inotesMatch229.041

ibmlotus_inotesMatch229.051

ibmlotus_inotesMatch229.061

ibmlotus_inotesMatch229.101

ibmlotus_inotesMatch229.111

ibmlotus_inotesMatch229.131

ibmlotus_inotesMatch229.141

ibmlotus_inotesMatch229.151

ibmlotus_inotesMatch229.161

ibmlotus_inotesMatch229.171

ibmlotus_inotesMatch229.181

ibmlotus_inotesMatch229.191

ibmlotus_inotesMatch229.201

ibmlotus_inotesMatch229.211

ibmlotus_inotesMatch229.221

ibmlotus_inotesMatch229.231

ibmlotus_inotesMatch229.241

ibmlotus_inotesMatch229.251

ibmlotus_inotesMatch229.261

AND

ibmlotus_dominoMatch8.0.2.4

VendorProductVersionCPE
ibmlotus_inotes*cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*
ibmlotus_inotes229.011cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*
ibmlotus_inotes229.021cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*
ibmlotus_inotes229.031cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*
ibmlotus_inotes229.041cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*
ibmlotus_inotes229.051cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*
ibmlotus_inotes229.061cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*
ibmlotus_inotes229.101cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*
ibmlotus_inotes229.111cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*
ibmlotus_inotes229.131cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_inotes	*	cpe:2.3:a:ibm:lotus_inotes::::::::
ibm	lotus_inotes	229.011	cpe:2.3:a:ibm:lotus_inotes:229.011:::::::*
ibm	lotus_inotes	229.021	cpe:2.3:a:ibm:lotus_inotes:229.021:::::::*
ibm	lotus_inotes	229.031	cpe:2.3:a:ibm:lotus_inotes:229.031:::::::*
ibm	lotus_inotes	229.041	cpe:2.3:a:ibm:lotus_inotes:229.041:::::::*
ibm	lotus_inotes	229.051	cpe:2.3:a:ibm:lotus_inotes:229.051:::::::*
ibm	lotus_inotes	229.061	cpe:2.3:a:ibm:lotus_inotes:229.061:::::::*
ibm	lotus_inotes	229.101	cpe:2.3:a:ibm:lotus_inotes:229.101:::::::*
ibm	lotus_inotes	229.111	cpe:2.3:a:ibm:lotus_inotes:229.111:::::::*
ibm	lotus_inotes	229.131	cpe:2.3:a:ibm:lotus_inotes:229.131:::::::*

Rows per page:

1-10 of 241

References

www-01.ibm.com/support/docview.wss?uid=swg27018109

www.securityfocus.com/bid/38459

www.vupen.com/english/advisories/2010/0496

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Related for CVE-2010-0920