Vulnerability Name:

CVE-2006-0662 (CCN-24612)

Assigned:2006-02-10
Published:2006-02-10
Updated:2017-07-20
Summary:Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-0662

Source: CCN
Type: SA16340
IBM Lotus Domino Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
16340

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2005-38/advisory/

Source: CCN
Type: SECTRACK ID: 1015610
IBM Domino Web Access Input Validation Flaws Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1015610

Source: CCN
Type: Lotus Support Services Technote 1229919
Potential Script Insertion Vulnerabilities in Domino Web Access

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919

Source: CCN
Type: IBM Software Support Web site
Lotus Support

Source: OSVDB
Type: UNKNOWN
23077

Source: CCN
Type: OSVDB ID: 23077
IBM Lotus Domino iNotes Attached File XSS

Source: BID
Type: UNKNOWN
16577

Source: CCN
Type: BID-16577
IBM Lotus Domino iNotes Multiple HTML and Script Injection Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-0499

Source: XF
Type: UNKNOWN
domino-webaccess-subject-xss(24612)


Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino_inotes_client:6.5.4:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:domino_web_access:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino_web_access:6.0.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:::professional:*:*:*:*:*
  • OR cpe:/o:ibm:i5os:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm lotus domino inotes client 6.5.4
    ibm domino web access 6.0.1
    ibm domino web access 6.0
    ibm domino web access 6.0.3
    ibm domino web access 6.5.3
    ibm domino web access 6.5.2
    ibm domino web access 6.5.1
    ibm domino web access 6.5
    ibm domino web access 6.0.4
    ibm domino web access 6.5.4
    ibm domino web access 6.0.1.1
    ibm domino web access 7.0
    ibm domino web access 6.0.5
    microsoft windows xp
    ibm i5os *