Computer Security
[EN] securityvulns.ru no-pyccku


IBM Lotus Domino crossite scripting
updated since 02.09.2012
Published:01.04.2013
Source:
SecurityVulns ID:12564
Type:remote
Threat Level:
5/10
Description:Crossite scripting and response splutting.
Affected:IBM : Lotus Domino 8.5
CVE:CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.)
 CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.)
Original documentdocumentMustLive, Multiple XSS vulnerabilities in IBM Lotus Domino (01.04.2013)
 documentMustLive, HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino (09.09.2012)
 documentMustLive, XSS and IL vulnerabilities in IBM Lotus Domino (03.09.2012)
 documentMustLive, IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities (02.09.2012)
Files:IBM Security Bulletin: Aug-2012 IBM Lotus Domino Web Server Cross-Site Scripting Vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod