Lotus Inotes
CVE-2012-5943
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9.
AnalysisAI
Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9. Affected products include: Ibm Lotus Inotes. Version information: before 8.5.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Lotus Inotes
View allBuffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x befo
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to exe
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remot
Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remot
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows re
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenti
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenti
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ult
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ult
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today