CVE-2006-0662 - Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers

CVE-2006-0662

Summary

Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.

References

Vulnerable Configurations

cpe:2.3:a:ibm:lotus_domino_inotes_client:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_inotes_client:6.5.4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16577
confirm	http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919
misc	http://secunia.com/secunia_research/2005-38/advisory/
osvdb	23077
sectrack	1015610
secunia	16340
vupen	ADV-2006-0499
xf	domino-webaccess-subject-xss(24612)

Last major update

20-07-2017 - 01:29

Published

13-02-2006 - 11:06

Last modified

20-07-2017 - 01:29