IBM Lotus iNotes Shared Mail File Multiple Local Cross Site Scripting Vulnerabilities

Bugtraq ID:	58666
Class:	Input Validation Error
CVE:	CVE-2013-0525
Remote:	No
Local:	Yes
Published:	Mar 21 2013 12:00AM
Updated:	Mar 21 2013 12:00AM
Credit:	Reported by vendor.
Vulnerable:	IBM Lotus iNotes 8.5.3 IBM Lotus iNotes 8.5.2 IBM Lotus iNotes 8.5.1 IBM Lotus iNotes 8.5
Not Vulnerable:	IBM Lotus iNotes 9.0

IBM Lotus iNotes Shared Mail File Multiple Local Cross Site Scripting Vulnerabilities

IBM Lotus iNotes is prone to multiple cross-site scripting vulnerabilities.

An authenticated local attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials or launch other attacks.

IBM Lotus iNotes 8.5, 8.5.1, 8.5.2 and 8.5.3 are vulnerable.

IBM Lotus iNotes Shared Mail File Multiple Local Cross Site Scripting Vulnerabilities

Successful exploits requires an attacker to gain local interactive access to a vulnerable computer.

IBM Lotus iNotes Shared Mail File Multiple Local Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Lotus iNotes Shared Mail File Multiple Local Cross Site Scripting Vulnerabilities

References:

• Lotus iNotes Homepage (IBM)
  
• Security vulnerabilities addressed in IBM iNotes 9.0 CVE-2013-0525 (IBM)