| Vulnerability Name: | CVE-2009-3105 (CCN-53086) | ||||||||
| Assigned: | 2009-09-04 | ||||||||
| Published: | 2009-09-04 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-3105 Source: CCN Type: SA36626 IBM Lotus Domino Web Access Cross-Site Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 36626 Source: CCN Type: IBM Support and Downloads Web site 8.0.1 Lotus iNotes (DWA) 211.241 Cumulative Interim Fix - Readme Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg27016745 Source: CCN Type: OSVDB ID: 57807 IBM Lotus Domino Web Access (DWA) iNotes Unspecified XSS Source: BID Type: UNKNOWN 36292 Source: CCN Type: BID-36292 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2009-2557 Source: XF Type: UNKNOWN domino-unspecified-xss(53086) Source: XF Type: UNKNOWN domino-unspecified-xss(53086) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||