CVE-2015-1981

EUVD-2015-2086
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
ibmdomino
8.5.0
ibmdomino
8.5.1
ibmdomino
8.5.2
ibmdomino
8.5.3
ibmdomino
9.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2015/Jun/56
http://www-01.ibm.com/support/docview.wss?uid=swg21959908
http://www.securityfocus.com/bid/74908
http://www.securitytracker.com/id/1032673
http://seclists.org/fulldisclosure/2015/Jun/56
http://www-01.ibm.com/support/docview.wss?uid=swg21959908
http://www.securityfocus.com/bid/74908
http://www.securitytracker.com/id/1032673