4.3

CVE-2006-0663

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.56% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/16340
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-38/advisory/
Patch
Vendor Advisory
http://securitytracker.com/id?1015610
Patch
Exploit
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919
Patch
http://www.osvdb.org/23077
Patch
http://www.securityfocus.com/bid/16577
Patch
Exploit
http://www.vupen.com/english/advisories/2006/0499
Vendor Advisory
http://www.osvdb.org/23078
Patch
http://www.osvdb.org/23079
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24611
https://exchange.xforce.ibmcloud.com/vulnerabilities/24613
https://exchange.xforce.ibmcloud.com/vulnerabilities/24614