CVE-2006-4843

medium

Description

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33280

http://www.vupen.com/english/advisories/2007/1133

http://www.securitytracker.com/id?1017824

http://www.securityfocus.com/bid/23173

http://www-1.ibm.com/support/docview.wss?uid=swg21257026

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493

Details

Source: Mitre, NVD

Published: 2007-03-29

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium