VYPR

Lotus Inotes

by IBM

CVEs (52)

  • CVE-2025-0248HigNov 25, 2025
    risk 0.53cvss 8.1epss 0.00

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the…

  • CVE-2017-1711HigFeb 13, 2018
    risk 0.51cvss 7.8epss 0.01

    IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.

  • CVE-2013-0589HigJul 11, 2018
    risk 0.49cvss 7.5epss 0.02

    IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

  • CVE-2017-1130MedSep 5, 2017
    risk 0.48cvss 6.5epss 0.29

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

  • CVE-2017-1129MedSep 5, 2017
    risk 0.48cvss 6.5epss 0.30

    IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

  • CVE-2013-0594MedJul 11, 2018
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

  • CVE-2017-1421MedDec 13, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2017-1327MedAug 3, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.

  • CVE-2017-1332MedJul 31, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.

  • CVE-2017-1325MedMay 26, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.

  • CVE-2016-9990MedMar 31, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-5883MedFeb 23, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #:…

  • CVE-2016-5881MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6113MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5884MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5882MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-2939MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-2938MedFeb 1, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2017-1214MedJun 12, 2017
    risk 0.37cvss 5.7epss 0.01

    IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

  • CVE-2013-0592MedJul 11, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.

Page 1 of 3