SMTP: IBM Lotus Notes Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino Web Access (DWA) and Lotus Notes. It is due to insufficient handling while displaying an HTML formatted email. A successful attack can lead to arbitrary script code execution within the context of the affected application.
Extended Description
IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically when the email message is viewed. Specifically, users accessing standard Notes mail templates through a Web mail client are affected. This vulnerability may be leveraged by a remote attacker to automatically execute arbitrary script code in the context of a target user.
Affected Products
Ibm lotus_notes
Short Name
SMTP:IBM-LOTUS-NOTES-XSS
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2005-2175 Cross IBM Lotus Notes Scripting Site bid:14164
Release Date
08/15/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Ibm
CVSS Score
5.0