{"api_version":"1","generated_at":"2026-04-23T15:41:41+00:00","cve":"CVE-2013-5389","urls":{"html":"https://cve.report/CVE-2013-5389","api":"https://cve.report/api/cve/CVE-2013-5389.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-5389","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-5389"},"summary":{"title":"CVE-2013-5389","description":"Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2013-10-22 22:55:00","updated_at":"2017-08-29 01:33:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87125","name":"inotes-cve20135389-xss(87125)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21653149","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21653149","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"IBM Security Bulletin: IBM iNotes Stored Cross-Site Scripting Vulnerabilities (CVE-2013-5388, CVE-2013-5389)","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-5389","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5389","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"5389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"lotus_domino","cpe6":"8.5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"lotus_domino","cpe6":"9.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"lotus_domino","cpe6":"8.5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"lotus_domino","cpe6":"9.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2013-5389","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"inotes-cve20135389-xss(87125)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21653149","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21653149"}]}},"nvd":{"publishedDate":"2013-10-22 22:55:00","lastModifiedDate":"2017-08-29 01:33:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"5389","Ordinal":"65068","Title":"CVE-2013-5389","CVE":"CVE-2013-5389","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"5389","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"5389","Ordinal":"2","NoteData":"2013-10-22","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"5389","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}