CVE-2013-0595: XSS
First published: Tue Aug 27 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Domino | =8.5.0 | |
| IBM Domino | =8.5.0.1 | |
| IBM Domino | =8.5.1 | |
| IBM Domino | =8.5.1.1 | |
| IBM Domino | =8.5.1.2 | |
| IBM Domino | =8.5.1.3 | |
| IBM Domino | =8.5.1.4 | |
| IBM Domino | =8.5.1.5 | |
| IBM Domino | =8.5.2.0 | |
| IBM Domino | =8.5.2.1 | |
| IBM Domino | =8.5.2.2 | |
| IBM Domino | =8.5.2.3 | |
| IBM Domino | =8.5.2.4 | |
| IBM Domino | =8.5.3.0 | |
| IBM Domino | =8.5.3.1 | |
| IBM Domino | =8.5.3.2 | |
| IBM Domino | =8.5.3.3 | |
| IBM Domino | =8.5.3.4 | |
| IBM Lotus iNotes | =8.5.0.0 | |
| IBM Lotus iNotes | =8.5.1.0 | |
| IBM Lotus iNotes | =8.5.2.0 | |
| IBM Lotus iNotes | =8.5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0595?
CVE-2013-0595 is classified as a medium severity vulnerability due to its ability to allow cross-site scripting attacks.
How do I fix CVE-2013-0595?
To fix CVE-2013-0595, users should upgrade to IBM Lotus Domino 8.5.3 FP5 or later as it contains the necessary patches.
What types of attacks are possible with CVE-2013-0595?
CVE-2013-0595 enables attackers to perform cross-site scripting attacks which can lead to data theft and unauthorized actions.
Which software versions are affected by CVE-2013-0595?
CVE-2013-0595 affects multiple versions of IBM Lotus Domino and IBM Lotus iNotes prior to version 8.5.3 FP5.
Are there any workarounds for CVE-2013-0595?
There are no effective workarounds for CVE-2013-0595, making it essential to apply the software update.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm domino
- version/ibm domino/8.5.0
- version/ibm domino/8.5.0.1
- version/ibm domino/8.5.1
- version/ibm domino/8.5.1.1
- version/ibm domino/8.5.1.2
- version/ibm domino/8.5.1.3
- version/ibm domino/8.5.1.4
- version/ibm domino/8.5.1.5
- version/ibm domino/8.5.2.0
- version/ibm domino/8.5.2.1
- version/ibm domino/8.5.2.2
- version/ibm domino/8.5.2.3
- version/ibm domino/8.5.2.4
- version/ibm domino/8.5.3.0
- version/ibm domino/8.5.3.1
- version/ibm domino/8.5.3.2
- version/ibm domino/8.5.3.3
- version/ibm domino/8.5.3.4
- canonical/ibm lotus inotes
- version/ibm lotus inotes/8.5.0.0
- version/ibm lotus inotes/8.5.1.0
- version/ibm lotus inotes/8.5.2.0
- version/ibm lotus inotes/8.5.3.0