- Description
- The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99CADAC9-376A-430B-B228-84F0FA401154"
}
],
"operator": "OR"
}
]
}
]