CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2010-0275
https://notcve.org/view.php?id=CVE-2010-0275
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58. Modo Ultra-light en IBM Lotus iNotes (también conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente secuencias de comando en la URL status-alerts, tiene un impacto y vectores de ataque sin especificar, también conocido como SPR LSHR7TBM58. • http://secunia.com/advisories/38026 http://www-01.ibm.com/support/docview.wss?uid=swg27017776 http://www.securityfocus.com/bid/37675 http://www.vupen.com/english/advisories/2010/0077 https://exchange.xforce.ibmcloud.com/vulnerabilities/55471 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4CVE-2006-0663 – IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass
https://notcve.org/view.php?id=CVE-2006-0663
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. • https://www.exploit-db.com/exploits/27181 https://www.exploit-db.com/exploits/27182 http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.osvdb.org/23078 http://www.osvdb.org/23079 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0662
https://notcve.org/view.php?id=CVE-2006-0662
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. • http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange.xforce.ibmcloud.com/vulnerabilities/24612 •