4.3

CVE-2006-4843

Exploit

EPSS 0.76%
Published 29.03.2007 21:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Lotus Domino Version6.5.0

Ibm ≫ Lotus Domino Version6.5.1

Ibm ≫ Lotus Domino Version6.5.2

Ibm ≫ Lotus Domino Version6.5.3

Ibm ≫ Lotus Domino Version6.5.4

Ibm ≫ Lotus Domino Version6.5.4 Editionfp1

Ibm ≫ Lotus Domino Version6.5.4 Editionfp2

Ibm ≫ Lotus Domino Version6.5.5

Ibm ≫ Lotus Domino Version6.5.5 Editionfp1

Ibm ≫ Lotus Domino Version6.5.5 Editionfp2

Ibm ≫ Lotus Domino Version7.0

Ibm ≫ Lotus Domino Version7.0.1

Ibm ≫ Lotus Domino Version7.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.723

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/24633

Vendor Advisory

Exploit

http://www.securityfocus.com/bid/23173

http://www.vupen.com/english/advisories/2007/1133

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493

Vendor Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg21257026

http://www.securitytracker.com/id?1017824

https://exchange.xforce.ibmcloud.com/vulnerabilities/33280

https://nvd.nist.gov/vuln/detail/CVE-2006-4843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4843

EUVD