| Vulnerability Name: | CVE-2015-1981 (CCN-103742) | ||||||||
| Assigned: | 2015-06-23 | ||||||||
| Published: | 2015-06-23 | ||||||||
| Updated: | 2019-10-16 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N) 1.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1981 Source: FULLDISC Type: Mailing List, Third Party Advisory 20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21959908 Source: CCN Type: IBM Security Bulletin 1959908 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) Source: BID Type: Third Party Advisory, VDB Entry 74908 Source: CCN Type: BID-74908 IBM Domino Remote Cross Site Scripting Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032673 Source: XF Type: UNKNOWN ibm-domino-cve20151981-xss(103742) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||