CVE-2010-0920: XSS
First published: Wed Mar 03 2010(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM iNotes | <=229.271 | |
| IBM iNotes | =229.011 | |
| IBM iNotes | =229.021 | |
| IBM iNotes | =229.031 | |
| IBM iNotes | =229.041 | |
| IBM iNotes | =229.051 | |
| IBM iNotes | =229.061 | |
| IBM iNotes | =229.101 | |
| IBM iNotes | =229.111 | |
| IBM iNotes | =229.131 | |
| IBM iNotes | =229.141 | |
| IBM iNotes | =229.151 | |
| IBM iNotes | =229.161 | |
| IBM iNotes | =229.171 | |
| IBM iNotes | =229.181 | |
| IBM iNotes | =229.191 | |
| IBM iNotes | =229.201 | |
| IBM iNotes | =229.211 | |
| IBM iNotes | =229.221 | |
| IBM iNotes | =229.231 | |
| IBM iNotes | =229.241 | |
| IBM iNotes | =229.251 | |
| IBM iNotes | =229.261 | |
| IBM Lotus Domino R5 | =8.0.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0920?
CVE-2010-0920 is considered a medium-risk vulnerability due to its nature of allowing cross-site scripting (XSS) attacks.
How do I fix CVE-2010-0920?
To remediate CVE-2010-0920, you should upgrade to a patched version of IBM Lotus iNotes that is 229.281 or later.
What types of attacks can be performed using CVE-2010-0920?
Exploiting CVE-2010-0920 allows attackers to inject arbitrary web scripts or HTML into user sessions.
What versions of IBM Lotus iNotes are affected by CVE-2010-0920?
CVE-2010-0920 affects all versions of IBM Lotus iNotes prior to version 229.281.
Is IBM Lotus Domino also affected by CVE-2010-0920?
IBM Lotus Domino itself is not affected by CVE-2010-0920, but the vulnerability is present in the associated IBM Lotus iNotes.
- collector/nvd-historical
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm inotes
- version/ibm inotes/229.271
- version/ibm inotes/229.011
- version/ibm inotes/229.021
- version/ibm inotes/229.031
- version/ibm inotes/229.041
- version/ibm inotes/229.051
- version/ibm inotes/229.061
- version/ibm inotes/229.101
- version/ibm inotes/229.111
- version/ibm inotes/229.131
- version/ibm inotes/229.141
- version/ibm inotes/229.151
- version/ibm inotes/229.161
- version/ibm inotes/229.171
- version/ibm inotes/229.181
- version/ibm inotes/229.191
- version/ibm inotes/229.201
- version/ibm inotes/229.211
- version/ibm inotes/229.221
- version/ibm inotes/229.231
- version/ibm inotes/229.241
- version/ibm inotes/229.251
- version/ibm inotes/229.261
- canonical/ibm lotus domino r5
- version/ibm lotus domino r5/8.0.2.4