Vulnerabilities > IBM > Lotus Inotes > 8.5.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-11-24 | CVE-2016-0282 | Cross-site Scripting vulnerability in IBM Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. | 3.5 |
2013-08-27 | CVE-2013-0595 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. | 4.3 |
2013-08-27 | CVE-2013-0591 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590. | 3.5 |
2013-08-27 | CVE-2013-0590 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591. | 3.5 |
2013-06-21 | CVE-2013-0536 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Inotes, Lotus Notes and Lotus Notes Traveler ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24. | 7.2 |
2013-03-26 | CVE-2013-0525 | Cross-Site Scripting vulnerability in IBM Lotus Inotes Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | 1.5 |
2013-03-26 | CVE-2012-5943 | Cross-Site Scripting vulnerability in IBM Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9. | 4.3 |
2012-06-20 | CVE-2012-2175 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Inotes Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2010-03-03 | CVE-2010-0921 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Inotes Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 6.8 |
2010-03-03 | CVE-2010-0920 | Cross-Site Scripting vulnerability in IBM Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 4.3 |