Synopsis
The remote host is vulnerable to a Script Injection attack.
Description
The remote host is running the Lotus Notes email client. Lotus Notes client versions 6.5.4 and earlier could allow a remote attacker to inject HTML and JavaScript into email messages. An attacker exploiting this flaw would only need to send a malicious email to a Lotus Notes recipient. Successful exploitation would result in potentially malicious code executing with the user's privileges.
Solution
Upgrade to version 6.5.5 or higher.
Plugin Details
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C
Reference Information
BID: 14164