CVE-2015-1981

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.
References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21959908 Patch Vendor Advisory
http://www.securityfocus.com/bid/74908 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/56 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1032673 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*

Information

Published : 2015-06-28 07:59

Updated : 2019-10-16 05:40


NVD link : CVE-2015-1981

Mitre link : CVE-2015-1981


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

ibm

  • domino