Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.901014
Category:General
Title:IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability (Windows)
Summary:This host has IBM Lotus Notes installed and is prone to HTML;Injection vulnerability.
Description:Summary:
This host has IBM Lotus Notes installed and is prone to HTML
Injection vulnerability.

Vulnerability Insight:
The flaw is due to error in the RSS reader widget, caused when
items are saved from an RSS feed as local HTML documents. This can be exploited
via a crafted feed.

Vulnerability Impact:
Successful exploitation will allow attackers to steal
cookie-based authentication credentials.

Affected Software/OS:
IBM Lotus Notes Version 8.5 on Windows.

Solution:
The Vendor has released a patch to fix the issue. Please see the
references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 36305
Common Vulnerability Exposure (CVE) ID: CVE-2009-3114
http://www.securityfocus.com/bid/36305
Bugtraq: 20090908 [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation (Google Search)
http://www.securityfocus.com/archive/1/506296/100/0/threaded
http://www.scip.ch/?vuldb.4021
http://secunia.com/advisories/36813
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.