Vulnerability category: Local
Vulnerability severity:
Vulnerability information
IBM iNotes (formerly IBM Lotus iNotes) is a full-featured web-based version of the IBM Notes client.
IBM iNotes is vulnerable to cross-site scripting, which allows users to embed arbitrary JavaScript code in the Web UI. This could result in credentials disclosure within a trusted session.
Affected Versions:
1) IBM iNotes versions 9.0 and 9.0.1 prior to 9.0.1 Fix Pack 7 Interim Fix 2
2) IBM iNotes versions 8.5, 8.5.1, 8.5.2 and 8.5.3 prior to 8.5.3 Fix Pack 6 Interim Fix 13
Vulnerability impact
Successful exploitation of the vulnerabilities will allow a remote attacker to execute arbitrary code and modify validation rules and error messages.
Solution
The vendor has released a fix to resolve the issue. Please refer to the advisories for the recommended fixes that apply to IBM iNotes:
swg21988182
Patch:
Following are links for downloading patches to fix the vulnerabilities: