CVE-2010-0927

Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action.  NOTE: this may overlap CVE-2010-0920.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
ibmlotus_domino
7.0
ibmlotus_domino
7.0.1
ibmlotus_domino
7.0.1.1
ibmlotus_domino
7.0.2
ibmlotus_domino
7.0.2.1
ibmlotus_domino
7.0.2.2
ibmlotus_domino
7.0.2.3
ibmlotus_domino
7.0.3
ibmlotus_domino
7.0.3.1
ibmlotus_domino
8.0
ibmlotus_domino
8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf
http://www.securityfocus.com/bid/38481
http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf
http://www.securityfocus.com/bid/38481