CVE-2013-3032

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21644599	Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21645503	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84622

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_domino:8.5.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.0.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.3:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.4:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.1.5:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.3:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.2.4:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.0:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.1:::::::*
	cpe:2.3:a:ibm:lotus_domino:8.5.3.2:::::::*
	cpe:2.3:a:ibm:lotus_domino:9.0.0.0:::::::*

History

No history.

Information

Published : 2013-08-09 19:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-3032

Mitre link : CVE-2013-3032

CVE.ORG link : CVE-2013-3032

JSON object : View

Products Affected

ibm

lotus_domino

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-3032", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-08-09T19:55:06.397", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599", "tags": ["Patch"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."}, {"lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en la funcionalidad MIME e-mail en iNotes en IBM Domino v9.0 anterior a IF3 permite a atacantes remotos inyectar c\u00f3digo script o HTML a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como SPR PTHN986NAA."}], "lastModified": "2017-08-29T01:33:20.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589"}, {"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}