CVE-2016-2938 - CVE Vulnerability

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. (CVSS:4.3) (Last Update:2017-02-05)

Vulnerability Details : IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Publish Date : 2017-02-01 Last Update Date : 2017-02-05 - CVSS Scores & Vulnerability Types CVSS Score 4.3 Confidentiality Impact None(There is no impact to the confidentiality of the system.) Integrity Impact Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) Availability Impact None(There is no impact to the availability of the system.) Access Complexity Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Cross Site Scripting CWE ID 79 - Products Affected By CVE-2016-2938 # Product Type Vendor Product Version Update Edition Language 1 Application IBM Domino 8.5.1.0 Version Details Vulnerabilities 2 Application IBM Domino 8.5.1.1 Version Details Vulnerabilities 3 Application IBM Domino 8.5.1.2 Version Details Vulnerabilities 4 Application IBM Domino 8.5.1.3 Version Details Vulnerabilities 5 Application IBM Domino 8.5.1.4 Version Details Vulnerabilities 6 Application IBM Domino 8.5.1.5 Version Details Vulnerabilities 7 Application IBM Domino 8.5.2.0 Version Details Vulnerabilities 8 Application IBM Domino 8.5.2.1 Version Details Vulnerabilities 9 Application IBM Domino 8.5.2.2 Version Details Vulnerabilities 10 Application IBM Domino 8.5.2.3 Version Details Vulnerabilities 11 Application IBM Domino 8.5.2.4 Version Details Vulnerabilities 12 Application IBM Domino 8.5.3.0 Version Details Vulnerabilities 13 Application IBM Domino 8.5.3.1 Version Details Vulnerabilities 14 Application IBM Domino 8.5.3.2 Version Details Vulnerabilities 15 Application IBM Domino 8.5.3.3 Version Details Vulnerabilities 16 Application IBM Domino 8.5.3.4 Version Details Vulnerabilities 17 Application IBM Domino 8.5.3.5 Version Details Vulnerabilities 18 Application IBM Domino 8.5.3.6 Version Details Vulnerabilities 19 Application IBM Domino 9.0.0.0 Version Details Vulnerabilities 20 Application IBM Domino 9.0.1.0 Version Details Vulnerabilities 21 Application IBM Domino 9.0.1.1 Version Details Vulnerabilities 22 Application IBM Domino 9.0.1.2 Version Details Vulnerabilities 23 Application IBM Domino 9.0.1.3 Version Details Vulnerabilities 24 Application IBM Domino 9.0.1.4 Version Details Vulnerabilities 25 Application IBM Domino 9.0.1.5 Version Details Vulnerabilities 26 Application IBM Domino 9.0.1.6 Version Details Vulnerabilities 27 Application IBM Inotes 8.5.1.0 Version Details Vulnerabilities 28 Application IBM Inotes 8.5.1.1 Version Details Vulnerabilities 29 Application IBM Inotes 8.5.1.2 Version Details Vulnerabilities 30 Application IBM Inotes 8.5.1.3 Version Details Vulnerabilities 31 Application IBM Inotes 8.5.1.4 Version Details Vulnerabilities 32 Application IBM Inotes 8.5.1.5 Version Details Vulnerabilities 33 Application IBM Inotes 8.5.2.0 Version Details Vulnerabilities 34 Application IBM Inotes 8.5.2.1 Version Details Vulnerabilities 35 Application IBM Inotes 8.5.2.2 Version Details Vulnerabilities 36 Application IBM Inotes 8.5.2.3 Version Details Vulnerabilities 37 Application IBM Inotes 8.5.3.0 Version Details Vulnerabilities 38 Application IBM Inotes 8.5.3.1 Version Details Vulnerabilities 39 Application IBM Inotes 8.5.3.2 Version Details Vulnerabilities 40 Application IBM Inotes 8.5.3.3 Version Details Vulnerabilities 41 Application IBM Inotes 8.5.3.4 Version Details Vulnerabilities 42 Application IBM Inotes 8.5.3.5 Version Details Vulnerabilities 43 Application IBM Inotes 8.5.3.6 Version Details Vulnerabilities 44 Application IBM Inotes 9.0.0.0 Version Details Vulnerabilities 45 Application IBM Inotes 9.0.1.0 Version Details Vulnerabilities 46 Application IBM Inotes 9.0.1.1 Version Details Vulnerabilities 47 Application IBM Inotes 9.0.1.2 Version Details Vulnerabilities 48 Application IBM Inotes 9.0.1.3 Version Details Vulnerabilities 49 Application IBM Inotes 9.0.1.4 Version Details Vulnerabilities 50 Application IBM Inotes 9.0.1.5 Version Details Vulnerabilities 51 Application IBM Inotes 9.0.1.6 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions IBM Domino 26 IBM Inotes 25 - References For CVE-2016-2938 http://www.securityfocus.com/bid/94600 BID 94600 IBM iNotes and Domino CVE-2016-2938 Cross Site Scripting Vulnerability Release Date:2016-12-02 http://www.ibm.com/support/docview.wss?uid=swg21992835 CONFIRM

- Metasploit Modules Related To CVE-2016-2938 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)