CVE-2010-0927

Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf - Exploit () http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf - Exploit
References () http://www.securityfocus.com/bid/38481 - Exploit () http://www.securityfocus.com/bid/38481 - Exploit

Information

Published : 2010-03-05 17:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-0927

Mitre link : CVE-2010-0927

CVE.ORG link : CVE-2010-0927


JSON object : View

Products Affected

ibm

  • lotus_domino
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')