CVE-2015-1981

Опубликовано: 28 июн. 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.

Ссылки

http://seclists.org/fulldisclosure/2015/Jun/56
Mailing List
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959908
Patch
Vendor Advisory
http://www.securityfocus.com/bid/74908
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032673
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/56
Mailing List
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959908
Patch
Vendor Advisory
http://www.securityfocus.com/bid/74908
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032673
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00295

Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-27xx-9jff-78j2

github

больше 3 лет назад