VIR Vulnerability Intelligence Relay

CVE-2010-0920

medium
Published 2010-03-03 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
4.3

Description

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
ibm ibmlotus_inotes229.231
ibm ibmlotus_inotes229.241
ibm ibmlotus_inotes229.251
ibm ibmlotus_inotes229.011
ibm ibmlotus_inotes229.021
ibm ibmlotus_inotes{"endIncluding":"229.271"}
ibm ibmlotus_inotes229.111
ibm ibmlotus_inotes229.131
ibm ibmlotus_inotes229.141
ibm ibmlotus_inotes229.151
ibm ibmlotus_inotes229.171
ibm ibmlotus_inotes229.181
ibm ibmlotus_inotes229.191
ibm ibmlotus_inotes229.201
ibm ibmlotus_inotes229.211
ibm ibmlotus_inotes229.221
ibm ibmlotus_inotes229.261
ibm ibmlotus_domino8.0.2.4
ibm ibmlotus_inotes229.161
ibm ibmlotus_inotes229.031
ibm ibmlotus_inotes229.041
ibm ibmlotus_inotes229.051
ibm ibmlotus_inotes229.061
ibm ibmlotus_inotes229.101

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.