Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Lotus Domino iNotes Client | 6.5.4 |
References
- http://secunia.com/advisories/16340 (Patch, Vendor Advisory)
- http://secunia.com/secunia_research/2005-38/advisory/ (Patch, Vendor Advisory)
- http://securitytracker.com/id?1015610 (Exploit, Patch)
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 (Patch)
- http://www.osvdb.org/23077 (Patch)
- http://www.osvdb.org/23078 (Patch)
- http://www.osvdb.org/23079 (Patch)
- http://www.securityfocus.com/bid/16577 (Exploit, Patch)
- http://www.vupen.com/english/advisories/2006/0499 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24611
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24613
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24614
FAQ
What is CVE-2006-0663?
CVE-2006-0663 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded j...
How severe is CVE-2006-0663?
CVE-2006-0663 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0663?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Lotus Domino iNotes Client.