CVE-2010-0920

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

Published: Mar 3, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0920
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / lotus_inotes	-	229.271.x
ibm / lotus_inotes	229.011	229.011.x
ibm / lotus_inotes	229.021	229.021.x
ibm / lotus_inotes	229.031	229.031.x
ibm / lotus_inotes	229.041	229.041.x
ibm / lotus_inotes	229.051	229.051.x
ibm / lotus_inotes	229.061	229.061.x
ibm / lotus_inotes	229.101	229.101.x
ibm / lotus_inotes	229.111	229.111.x
ibm / lotus_inotes	229.131	229.131.x
ibm / lotus_inotes	229.141	229.141.x
ibm / lotus_inotes	229.151	229.151.x
ibm / lotus_inotes	229.161	229.161.x
ibm / lotus_inotes	229.171	229.171.x
ibm / lotus_inotes	229.181	229.181.x
ibm / lotus_inotes	229.191	229.191.x
ibm / lotus_inotes	229.201	229.201.x
ibm / lotus_inotes	229.211	229.211.x
ibm / lotus_inotes	229.221	229.221.x
ibm / lotus_inotes	229.231	229.231.x
ibm / lotus_inotes	229.241	229.241.x
ibm / lotus_inotes	229.251	229.251.x
ibm / lotus_inotes	229.261	229.261.x

Vulnerability Database

289,784

CVE-2010-0920