4.3

CVE-2004-1621

Exploit

EPSS 4.01%
Veröffentlicht 18.10.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

NOTE: this issue has been disputed by the vendor.  Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields.  NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Lotus Domino Version6.0

Ibm ≫ Lotus Domino Version6.0.1

Ibm ≫ Lotus Domino Version6.0.2

Ibm ≫ Lotus Domino Version6.0.2_cf2

Ibm ≫ Lotus Domino Version6.0.3

Ibm ≫ Lotus Domino Version6.5.0

Ibm ≫ Lotus Domino Version6.5.1

Ibm ≫ Lotus Domino Version6.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.01%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://marc.info/?l=bugtraq&m=109812960023736&w=2

http://marc.info/?l=bugtraq&m=109841682529328&w=2

http://secunia.com/advisories/12891

Vendor Advisory

Exploit

http://securitytracker.com/id?1011779

Vendor Advisory

Exploit

http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833

Vendor Advisory

Exploit

http://www.kb.cert.org/vuls/id/404382

US Government Resource

http://www.securityfocus.com/bid/11458

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/17758

https://nvd.nist.gov/vuln/detail/CVE-2004-1621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1621

EUVD