Vulnerability Description
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Domino | 8.5.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2015/Jun/56Mailing ListThird Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959908PatchVendor Advisory
- http://www.securityfocus.com/bid/74908Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032673Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Jun/56Mailing ListThird Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959908PatchVendor Advisory
- http://www.securityfocus.com/bid/74908Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032673Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-1981?
CVE-2015-1981 is a vulnerability with a CVSS score of 2.1 (LOW). Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbit...
How severe is CVE-2015-1981?
CVE-2015-1981 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1981?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Domino.