20 matches found
CVE-2017-1129
CVE-2017-1129 describes a denial-of-service in IBM Notes 8.5 and 9.0, triggered by persuading a user to click a malicious link. The vulnerability affects the native browser component bundled with IBM Lotus Notes and can cause the Notes client to hang and require a restart. Public PoCs and exploit...
CVE-2017-1130
IBM Notes (versions 8.5 and 9.0) is vulnerable to a denial-of-service vulnerability described in CVE-2017-1130. The issue arises when a user is duped into clicking a malicious link, which triggers a flood of file-dialog boxes and can cause the Notes client to hang and require restart. Connected s...
CVE-2016-5882
The CVE-2016-5882 entry corresponds to an XSS vulnerability in IBM iNotes (Web UI) that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The connected documents corroborate cross-site scripting in IBM Domino/iNotes compo...
CVE-2016-5883
IBM iNotes (Lotus Domino) 8.5 and 9.0 are vulnerable to cross-site scripting due to insufficient input filtering in the Web UI, enabling attackers to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Exploitation and in-the-wild details are not provided in...
CVE-2016-5880
CVE-2016-5880 is an IBM iNotes (and Domino) cross-site scripting vulnerability described as allowing arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Public sources (NVD/CNVD/PRION and Nessus reference) attribute the issue to improper inp...
CVE-2016-5881
CVE-2016-5881 : The IBM iNotes web UI is vulnerable to cross-site scripting (XSS), allowing an attacker to embed arbitrary JavaScript in the UI and potentially disclose credentials within a trusted session. The description specifies XSS in the iNotes component but does not provide precise exploit...
CVE-2016-5884
IBM iNotes is vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The vulnerability is described across multiple sources as an XSS issue in the iNotes component and Domino-related entri...
CVE-2016-2938
CVE-2016-2938 affects IBM iNotes (and Domino web UI) with a cross-site scripting (XSS) vulnerability due to improper input validation, allowing an attacker to inject arbitrary JavaScript in a trusted user session and potentially disclose credentials. Affected component is the Web UI; underlying c...
CVE-2016-2939
CVE-2016-2939 corresponds to a cross-site scripting vulnerability affecting IBM iNotes (and IBM Domino in CNVD coverage) where the web UI accepts unfiltered user input, allowing an attacker to inject arbitrary JavaScript. The published descriptions state that this could enable script execution wi...
CVE-2017-1327
IBM iNotes versions 8.5 and 9.0 are affected by a cross-site scripting (XSS) vulnerability in the Web UI. The issue allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. Connected documents corroborate ...
CVE-2017-1332
CVE-2017-1332 affects IBM iNotes 8.5 and 9.0, where a cross-site scripting flaw in the Web UI can allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public data shows CVSS scores (NVD) of 6.1 (CVSS3.0) and 4.3 (CVSS2.0); explo...
CVE-2017-1421
IBM iNotes is reported with a Cross‑Site Scripting (XSS) vulnerability associated with CVE-2017-1421. The CNVD entry describes the flaw as arising from IBM iNotes failing to properly filter user-submitted input, enabling a remote attacker to inject arbitrary JavaScript into the Web UI. This can a...
CVE-2016-9990
IBM iNotes 8.5 and 9.0 are vulnerable to cross-site scripting via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected product: IBM iNotes Web UI. Root cause: reflected/stored XSS in the Web UI (exact mechanism not ...
CVE-2017-1214
CVE-2017-1214 affects IBM iNotes 8.5 and 9.0 and is described in multiple sources as a remote information-disclosure vulnerability. The available documents indicate that a attacker could send a malformed e‑mail to a victim, and opening it could disclose information. Some sources (OpenVAS) referen...
CVE-2017-1325
The provided documents describe CVE-2017-1325 as a cross-site scripting vulnerability in IBM iNotes 8.5 and 9.0. The issue permits embedding arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The NVD entry offers ...
CVE-2017-1659
CVE-2017-1659 concerns HCL iNotes (HCL Notes) with a Cross-Site Scripting (XSS) vulnerability. The available documents describe that an attacker could exploit this to steal a user’s cookie-based authentication credentials. No explicit remediation, affected versions, or specific exploit details ar...
CVE-2016-6113
CVE-2016-6113 concerns IBM Verse web UI, where a cross-site scripting vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The description and related references confirm XSS impact; however, the provided documen...
CVE-2013-0589
IBM iNotes (also IBM Lotus iNotes) before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 is vulnerable to a remote information-disclosure via a crafted e-mail message that can bypass the remote image filtering mechanism. Exploitation would allow an attacker to obtain sensitive information from affected us...
CVE-2013-0592
IBM iNotes contains a Cross-Site Scripting (XSS) vulnerability in versions before 8.5.3 Fix Pack 6 and 9.x before 9.0.1. The flaw allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Affected component is the iNotes web interface; root cause details are not provided...
CVE-2013-0594
The affected software is IBM iNotes (formerly IBM Lotus iNotes). Affected versions are IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1. The vulnerability is an open redirect that allows remote attackers to redirect users to arbitrary websites and potentially conduct phishing. The exact ro...