This page lists publicly disclosed CVE vulnerabilities affecting ibm inotes (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-1659 | "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials." | [email protected] | 6.1 | 0.29% | 2020-07-01 | 2024-11-21 |
| CVE-2013-0594 | Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. | [email protected] | 6.1 | 0.15% | 2018-07-11 | 2024-11-21 |
| CVE-2013-0592 | Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | [email protected] | 5.4 | 0.06% | 2018-07-11 | 2024-11-21 |
| CVE-2013-0589 | IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. | [email protected] | 7.5 | 0.17% | 2018-07-11 | 2024-11-21 |
| CVE-2017-1421 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-12-13 | 2026-05-13 |
| CVE-2017-1130 | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371. | [email protected] | 6.5 | 65.48% | 2017-09-05 | 2026-05-13 |
| CVE-2017-1129 | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. | [email protected] | 6.5 | 68.50% | 2017-09-05 | 2026-05-13 |
| CVE-2017-1327 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | [email protected] | 6.1 | 0.26% | 2017-08-03 | 2026-05-13 |
| CVE-2017-1332 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234. | [email protected] | 6.1 | 0.26% | 2017-07-31 | 2026-05-13 |
| CVE-2017-1214 | IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | [email protected] | 5.7 | 0.36% | 2017-06-12 | 2026-05-13 |
| CVE-2017-1325 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | [email protected] | 6.1 | 0.29% | 2017-05-26 | 2026-05-13 |
| CVE-2016-9990 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | [email protected] | 6.1 | 0.25% | 2017-03-31 | 2026-05-13 |
| CVE-2016-5883 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010. | [email protected] | 6.1 | 0.26% | 2017-02-23 | 2026-05-13 |
| CVE-2016-5881 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.28% | 2017-02-01 | 2026-05-13 |
| CVE-2016-6113 | IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-02-01 | 2026-05-13 |
| CVE-2016-5884 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-02-01 | 2026-05-13 |
| CVE-2016-5882 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-02-01 | 2026-05-13 |
| CVE-2016-5880 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.4 | 0.27% | 2017-02-01 | 2026-05-13 |
| CVE-2016-2939 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-02-01 | 2026-05-13 |
| CVE-2016-2938 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.26% | 2017-02-01 | 2026-05-13 |