Lotus Domino Security Vulnerabilities and Issues — Lotus Domino CVE List

Lucene search

IbmLotus Domino

20 matches found

CVE•added 2014/05/09 1:55 a.m.•56 views

CVE-2014-0913

Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.

4.3CVSS5.6AI score0.00266EPSS

CVE•added 2013/02/27 9:55 p.m.•54 views

CVE-2012-4844

Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00236EPSS

CVE•added 2005/09/21 9:3 p.m.•53 views

CVE-2005-3015

Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.

4.3CVSS5.6AI score0.00353EPSS

CVE•added 2005/02/20 5:0 a.m.•52 views

CVE-2004-1621

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2...

4.3CVSS6.1AI score0.01906EPSS

CVE•added 2013/08/09 7:55 p.m.•47 views

CVE-2013-3990

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.

4.3CVSS5.7AI score0.00266EPSS

CVE•added 2011/09/19 12:2 p.m.•44 views

CVE-2011-3576

Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.

4.3CVSS5.7AI score0.00202EPSS

CVE•added 2012/08/21 10:46 a.m.•44 views

CVE-2012-3302

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino ...

4.3CVSS5.5AI score0.00266EPSS

CVE•added 2004/01/20 5:0 a.m.•42 views

CVE-2004-0029

Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.

4.6CVSS6.9AI score0.00052EPSS

CVE•added 2013/12/21 2:22 p.m.•42 views

CVE-2013-4063

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.

4.3CVSS5.6AI score0.00236EPSS

CVE•added 2013/03/27 12:23 p.m.•41 views

CVE-2013-0488

Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00236EPSS

CVE•added 2013/03/27 12:23 p.m.•40 views

CVE-2013-0486

Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.

4.3CVSS6.6AI score0.00681EPSS

CVE•added 2005/08/16 4:0 a.m.•39 views

CVE-2004-2310

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.

4.3CVSS6AI score0.02535EPSS

CVE•added 2013/10/22 10:55 p.m.•39 views

CVE-2013-5389

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.

4.3CVSS5.8AI score0.00236EPSS

CVE•added 2010/03/05 5:30 p.m.•38 views

CVE-2010-0927

Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.

4.3CVSS5.7AI score0.00289EPSS

CVE•added 2012/08/21 10:46 a.m.•38 views

CVE-2012-3301

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.

4.3CVSS7AI score0.00257EPSS

CVE•added 2007/11/10 2:46 a.m.•37 views

CVE-2007-5924

Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.1AI score0.00427EPSS

CVE•added 2013/08/27 3:34 a.m.•35 views

CVE-2013-0595

Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.

4.3CVSS5.7AI score0.00266EPSS

CVE•added 2007/03/29 9:19 p.m.•34 views

CVE-2006-4843

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.

4.3CVSS5.5AI score0.00759EPSS

CVE•added 2013/08/09 7:55 p.m.•34 views

CVE-2013-3032

4.3CVSS5.7AI score0.00266EPSS

CVE•added 2013/10/22 10:55 p.m.•33 views

CVE-2013-5388

4.3CVSS5.8AI score0.00236EPSS