Lucene search
+L
IbmInotes

20 matches found

CVE
CVE
added 2017/09/05 9:0 p.m.80 views

CVE-2017-1129

CVE-2017-1129 describes a denial-of-service in IBM Notes 8.5 and 9.0, triggered by persuading a user to click a malicious link. The vulnerability affects the native browser component bundled with IBM Lotus Notes and can cause the Notes client to hang and require a restart. Public PoCs and exploit...

6.5CVSS6.2AI score0.30074EPSS
CVE
CVE
added 2017/09/05 9:0 p.m.76 views

CVE-2017-1130

IBM Notes (versions 8.5 and 9.0) is vulnerable to a denial-of-service vulnerability described in CVE-2017-1130. The issue arises when a user is duped into clicking a malicious link, which triggers a flood of file-dialog boxes and can cause the Notes client to hang and require restart. Connected s...

6.5CVSS6.2AI score0.29222EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.64 views

CVE-2016-5882

The CVE-2016-5882 entry corresponds to an XSS vulnerability in IBM iNotes (Web UI) that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The connected documents corroborate cross-site scripting in IBM Domino/iNotes compo...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2017/02/23 4:0 p.m.62 views

CVE-2016-5883

IBM iNotes (Lotus Domino) 8.5 and 9.0 are vulnerable to cross-site scripting due to insufficient input filtering in the Web UI, enabling attackers to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Exploitation and in-the-wild details are not provided in...

6.1CVSS5.9AI score0.01103EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.61 views

CVE-2016-5880

CVE-2016-5880 is an IBM iNotes (and Domino) cross-site scripting vulnerability described as allowing arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Public sources (NVD/CNVD/PRION and Nessus reference) attribute the issue to improper inp...

5.4CVSS5.2AI score0.00717EPSS
CVE
CVE
added 2017/02/01 10:0 p.m.59 views

CVE-2016-5881

CVE-2016-5881 : The IBM iNotes web UI is vulnerable to cross-site scripting (XSS), allowing an attacker to embed arbitrary JavaScript in the UI and potentially disclose credentials within a trusted session. The description specifies XSS in the iNotes component but does not provide precise exploit...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.59 views

CVE-2016-5884

IBM iNotes is vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The vulnerability is described across multiple sources as an XSS issue in the iNotes component and Domino-related entri...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.56 views

CVE-2016-2938

CVE-2016-2938 affects IBM iNotes (and Domino web UI) with a cross-site scripting (XSS) vulnerability due to improper input validation, allowing an attacker to inject arbitrary JavaScript in a trusted user session and potentially disclose credentials. Affected component is the Web UI; underlying c...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.55 views

CVE-2016-2939

CVE-2016-2939 corresponds to a cross-site scripting vulnerability affecting IBM iNotes (and IBM Domino in CNVD coverage) where the web UI accepts unfiltered user input, allowing an attacker to inject arbitrary JavaScript. The published descriptions state that this could enable script execution wi...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2017/08/03 3:0 p.m.54 views

CVE-2017-1327

IBM iNotes versions 8.5 and 9.0 are affected by a cross-site scripting (XSS) vulnerability in the Web UI. The issue allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. Connected documents corroborate ...

6.1CVSS5.8AI score0.00966EPSS
CVE
CVE
added 2017/07/31 9:0 p.m.54 views

CVE-2017-1332

CVE-2017-1332 affects IBM iNotes 8.5 and 9.0, where a cross-site scripting flaw in the Web UI can allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public data shows CVSS scores (NVD) of 6.1 (CVSS3.0) and 4.3 (CVSS2.0); explo...

6.1CVSS5.8AI score0.00977EPSS
CVE
CVE
added 2017/12/13 6:0 p.m.54 views

CVE-2017-1421

IBM iNotes is reported with a Cross‑Site Scripting (XSS) vulnerability associated with CVE-2017-1421. The CNVD entry describes the flaw as arising from IBM iNotes failing to properly filter user-submitted input, enabling a remote attacker to inject arbitrary JavaScript into the Web UI. This can a...

6.1CVSS5.9AI score0.01054EPSS
CVE
CVE
added 2017/03/31 6:0 p.m.53 views

CVE-2016-9990

IBM iNotes 8.5 and 9.0 are vulnerable to cross-site scripting via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected product: IBM iNotes Web UI. Root cause: reflected/stored XSS in the Web UI (exact mechanism not ...

6.1CVSS5.9AI score0.01254EPSS
CVE
CVE
added 2017/06/12 7:0 p.m.52 views

CVE-2017-1214

CVE-2017-1214 affects IBM iNotes 8.5 and 9.0 and is described in multiple sources as a remote information-disclosure vulnerability. The available documents indicate that a attacker could send a malformed e‑mail to a victim, and opening it could disclose information. Some sources (OpenVAS) referen...

5.7CVSS5.2AI score0.01296EPSS
CVE
CVE
added 2017/05/26 4:0 p.m.51 views

CVE-2017-1325

The provided documents describe CVE-2017-1325 as a cross-site scripting vulnerability in IBM iNotes 8.5 and 9.0. The issue permits embedding arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The NVD entry offers ...

6.1CVSS5.8AI score0.00846EPSS
CVE
CVE
added 2020/07/01 1:45 p.m.51 views

CVE-2017-1659

CVE-2017-1659 concerns HCL iNotes (HCL Notes) with a Cross-Site Scripting (XSS) vulnerability. The available documents describe that an attacker could exploit this to steal a user’s cookie-based authentication credentials. No explicit remediation, affected versions, or specific exploit details ar...

6.1CVSS6AI score0.00666EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.50 views

CVE-2016-6113

CVE-2016-6113 concerns IBM Verse web UI, where a cross-site scripting vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The description and related references confirm XSS impact; however, the provided documen...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
added 2018/07/11 4:0 p.m.43 views

CVE-2013-0589

IBM iNotes (also IBM Lotus iNotes) before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 is vulnerable to a remote information-disclosure via a crafted e-mail message that can bypass the remote image filtering mechanism. Exploitation would allow an attacker to obtain sensitive information from affected us...

7.5CVSS7AI score0.01764EPSS
CVE
CVE
added 2018/07/11 4:0 p.m.43 views

CVE-2013-0592

IBM iNotes contains a Cross-Site Scripting (XSS) vulnerability in versions before 8.5.3 Fix Pack 6 and 9.x before 9.0.1. The flaw allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Affected component is the iNotes web interface; root cause details are not provided...

5.4CVSS5AI score0.00699EPSS
CVE
CVE
added 2018/07/11 4:0 p.m.41 views

CVE-2013-0594

The affected software is IBM iNotes (formerly IBM Lotus iNotes). Affected versions are IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1. The vulnerability is an open redirect that allows remote attackers to redirect users to arbitrary websites and potentially conduct phishing. The exact ro...

6.1CVSS5.9AI score0.0125EPSS