CVE-2004-1621
IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-10-18 CVE Published
- 2004-10-18 First Exploit
- 2005-02-20 CVE Reserved
- 2024-01-28 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109812960023736&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=109841682529328&w=2 | Mailing List | |
| http://www.kb.cert.org/vuls/id/404382 | Third Party Advisory |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24690 | 2004-10-18 | |
| http://secunia.com/advisories/12891 | 2024-08-08 | |
| http://securitytracker.com/id?1011779 | 2024-08-08 | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 | 2024-08-08 | |
| http://www.securityfocus.com/bid/11458 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.0 Search vendor "Ibm" for product "Lotus Domino" and version "6.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.0.1 Search vendor "Ibm" for product "Lotus Domino" and version "6.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.0.2 Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.0.2_cf2 Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2_cf2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.0.3 Search vendor "Ibm" for product "Lotus Domino" and version "6.0.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.5.0 Search vendor "Ibm" for product "Lotus Domino" and version "6.5.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.5.1 Search vendor "Ibm" for product "Lotus Domino" and version "6.5.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | 6.5.2 Search vendor "Ibm" for product "Lotus Domino" and version "6.5.2" | - |
Affected
| ||||||