|
[Japanese]
|
JVNDB-2007-000802
|
Lotus Domino cross-site scripting vulnerability
|
|
IBM Lotus Domino contains a cross-site scripting vulnerability.
IBM Lotus Domino is server software for Lotus Notes, groupware from IBM.
Lotus Domino contains a cross-site scripting vulnerability.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
IBM Corporation
- IBM Domino (formerly IBM Lotus Domino) 6.0.X
- IBM Domino (formerly IBM Lotus Domino) 6.5.X
- IBM Domino (formerly IBM Lotus Domino) 7.0.X
|
|
|
An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server.
|
|
[Update the Software]
For Lotus Domino 6.5.X and 7.0.X users:
Apply the latest updates provided by the vendor.
Latest updates:
Lotus Domino 6.5.6 Fix Pack 2 (FP2)
Lotus Domino 7.0.2 Fix Pack 2 (FP2)
Lotus Domino 7.0.3
Lotus Domino 8.0
For Lotus Domino 6.0.X users:
As of April 30, 2007, IBM has announced the Lotus Notes and Domino version 6.0.X is no longer supported. The vendor recommends that users of versions prior to Lotus Domino 6.5.X upgrade to version 6.5.X or upper versions.
For more information, refer to the vendor's website.
|
|
IBM Corporation
|
|
- Cross-site Scripting(CWE-79) [NVD Evaluation]
|
|
- CVE-2007-5924
|
|
- JVN : JVN#84565055
- National Vulnerability Database (NVD) : CVE-2007-5924
- Secunia Advisory : SA27509
- SecurityFocus : 26298
- FrSIRT Advisories : FrSIRT/ADV-2007-3700
|
|
- [2008/05/21]
Web page published
|
