PT-2007-3286 · Ibm · Ibm Lotus Notes+1
Publicado
2007-04-11
·
Atualizado
2008-09-05
·
CVE-2007-1941
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Lotus Notes versions prior to 6.5.6
IBM Lotus Notes versions 7.x prior to 7.0.2 FP1
Description
A cross-site scripting (XSS) issue exists in the Active Content Filter feature of Domino Web Access (DWA) in IBM Lotus Notes. This allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message.
Recommendations
For versions prior to 6.5.6, update to version 6.5.6 or later.
For versions 7.x prior to 7.0.2 FP1, update to version 7.0.2 FP1 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Domino Web Access
Ibm Lotus Notes