CVE-2013-0590: XSS
First published: Tue Aug 27 2013(Updated: )
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Domino | =8.5.0 | |
| IBM Domino | =8.5.0.1 | |
| IBM Domino | =8.5.1 | |
| IBM Domino | =8.5.1.1 | |
| IBM Domino | =8.5.1.2 | |
| IBM Domino | =8.5.1.3 | |
| IBM Domino | =8.5.1.4 | |
| IBM Domino | =8.5.1.5 | |
| IBM Domino | =8.5.2.0 | |
| IBM Domino | =8.5.2.1 | |
| IBM Domino | =8.5.2.2 | |
| IBM Domino | =8.5.2.3 | |
| IBM Domino | =8.5.2.4 | |
| IBM Domino | =8.5.3.0 | |
| IBM Domino | =8.5.3.1 | |
| IBM Domino | =8.5.3.2 | |
| IBM Domino | =8.5.3.3 | |
| IBM Domino | =8.5.3.4 | |
| IBM Lotus iNotes | =8.5.0.0 | |
| IBM Lotus iNotes | =8.5.1.0 | |
| IBM Lotus iNotes | =8.5.2.0 | |
| IBM Lotus iNotes | =8.5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0590?
CVE-2013-0590 is considered a medium severity vulnerability due to its potential to allow remote authenticated users to exploit cross-site scripting (XSS) flaws.
How do I fix CVE-2013-0590?
To fix CVE-2013-0590, upgrade your IBM Lotus Domino or iNotes to version 8.5.3 FP5 or later.
Who is affected by CVE-2013-0590?
CVE-2013-0590 affects users of IBM Lotus Domino versions 8.5.0 to 8.5.3.4 and IBM Lotus iNotes versions 8.5.0 to 8.5.3.0.
What is the impact of CVE-2013-0590 if exploited?
If exploited, CVE-2013-0590 could allow an attacker to inject arbitrary web scripts or HTML, compromising user sessions or sensitive information.
Is CVE-2013-0590 related to any other vulnerabilities?
Yes, CVE-2013-0590 is a different vulnerability than CVE-2013-0591, though both involve cross-site scripting issues.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm domino
- version/ibm domino/8.5.0
- version/ibm domino/8.5.0.1
- version/ibm domino/8.5.1
- version/ibm domino/8.5.1.1
- version/ibm domino/8.5.1.2
- version/ibm domino/8.5.1.3
- version/ibm domino/8.5.1.4
- version/ibm domino/8.5.1.5
- version/ibm domino/8.5.2.0
- version/ibm domino/8.5.2.1
- version/ibm domino/8.5.2.2
- version/ibm domino/8.5.2.3
- version/ibm domino/8.5.2.4
- version/ibm domino/8.5.3.0
- version/ibm domino/8.5.3.1
- version/ibm domino/8.5.3.2
- version/ibm domino/8.5.3.3
- version/ibm domino/8.5.3.4
- canonical/ibm lotus inotes
- version/ibm lotus inotes/8.5.0.0
- version/ibm lotus inotes/8.5.1.0
- version/ibm lotus inotes/8.5.2.0
- version/ibm lotus inotes/8.5.3.0