IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (uncredentialed check)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote server is affected by multiple cross-site scripting
vulnerabilities.

Description :

According to its banner, the version of IBM Domino (formerly IBM Lotus
Domino) on the remote host is 8.5.x prior to 8.5.3 FP6. It is,
therefore, affected by the following iNotes-related cross-site scripting
vulnerabilities :

- An input validation error exists related to handling
content in email messages. (CVE-2013-4063)

- An input validation error exists related to iNotes when
running in 'ultra-light' mode. (CVE-2013-4064)

- An input validation error exists related to handling
content in email messages and iNotes when running in
'ultra-light' mode. (CVE-2013-4065)
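The banner-based version test the description relies on, written out as an added example (not Tenable's plugin code): it assumes the server banner yields a string such as "8.5.3 FP5", and treats a banner with no fix-pack suffix as fix pack 0, which is the usual source of false positives for checks of this kind.

```python
import re

# Fixed version named in this advisory: IBM Domino 8.5.3 FP6
FIXED = (8, 5, 3, 6)

# major.minor[.maint][ FPn]; the FP suffix is optional and may be unspaced
_VER_RE = re.compile(r'^(\d+)\.(\d+)(?:\.(\d+))?(?:\s*FP\s*(\d+))?$', re.IGNORECASE)


def parse_domino_version(banner):
    """Turn a Domino banner version into a comparable tuple, or None if unparseable."""
    m = _VER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, maint, fp = m.groups()
    # Missing maintenance release or fix pack counts as 0 (assumption, see lead-in)
    return (int(major), int(minor), int(maint or 0), int(fp or 0))


def is_affected(banner):
    """True when the banner reports 8.5.x older than 8.5.3 FP6; None if undecidable."""
    v = parse_domino_version(banner)
    if v is None:
        return None          # banner gives no usable version: cannot decide
    if v[:2] != (8, 5):
        return False         # advisory covers only the 8.5.x branch
    return v < FIXED


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host
    for sample in ["8.5.3 FP5", "8.5.3 FP6", "8.5.2", "9.0.1", "Lotus Domino"]:
        print(f"{sample!r:16} affected={is_affected(sample)}")
```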

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg24032242#FP6
http://www.nessus.org/u?bc8b4137

Solution :

Upgrade to IBM Domino 8.5.3 FP6 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71858

Bugtraq ID: 64444, 64445, 64451

CVE ID: CVE-2013-4063, CVE-2013-4064, CVE-2013-4065