CVE-2012-5307
low
CVSS v3
—
CVSS v2
2.6
VIR risk
2.6
Description
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | lotus_notes_traveler | {"endIncluding":"8.5.3.3"} | |
| ibm | lotus_notes_traveler | 8.5.0.0 | |
| ibm | lotus_notes_traveler | 8.5.0.1 | |
| ibm | lotus_notes_traveler | 8.5.0.2 | |
| ibm | lotus_notes_traveler | 8.5.1.1 | |
| ibm | lotus_notes_traveler | 8.5.1.2 | |
| ibm | lotus_notes_traveler | 8.5.1.3 | |
| ibm | lotus_notes_traveler | 8.5.2.1 | |
| ibm | lotus_notes_traveler | 8.5.3 | |
| ibm | lotus_notes_traveler | 8.5.3.1 | |
| ibm | lotus_notes_traveler | 8.5.3.2 | |
References
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.