CVE-2005-3015

Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850
http://www.securityfocus.com/bid/14845	Exploit Patch
http://www.securityfocus.com/bid/14846	Exploit Patch
http://secunia.com/advisories/16830
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_domino:6.5.2:::::::*
	cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:::::::*

Information

Published : 2005-09-21 14:03

Updated : 2008-09-05 13:53

NVD link : CVE-2005-3015

Mitre link : CVE-2005-3015

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_domino
lotus_domino_enterprise_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850", "name": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/14845", "name": "14845", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/14846", "name": "14846", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/16830", "name": "16830", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all", "name": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3015", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-09-21T21:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:53Z"}

4.3 /10