Description

A security researcher contacted IBM to report four security vulnerabilities in the IBM Lotus Domino HTTP server that permit cross site scripting. These vulnerabilities could allow remote attackers to steal cookie-based authentication credentials. While fixes for all four are planned for inclusion in Domino 8.5.4, workarounds exist for two in Domino servers 7.0 and later by enabling a single INI setting. As of 15 August 2012, IBM has not received any reports of customer issues related to these security vulnerabilities.

Remediation

Upgrade to Lotus Domino version 8.5.4.

References

Aug-2012 IBM Lotus Domino Web Server Cross-Site Scripting Vulnerabilities

Related Vulnerabilities

Oracle Database Server CVE-2014-4294 Vulnerability (CVE-2014-4294)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7061)

MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)

WordPress Plugin Real Media Library:Media Library Folder & File Manager Cross-Site Scripting (4.14.1)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5271)

Severity

High

Classification

CVE-2012-3301 CVE-2012-3302 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities XSS Missing Update