CVE-2012-2955

IBM Lotus Protector <2.8 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by muts · pythonwebappswindows

https://www.exploit-db.com/exploits/20368

View Code ZIP pw:eip

References (6)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21605626

[US Government Resource] http://www.kb.cert.org/vuls/id/659791

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54486

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76798

[Third Party Advisory, VDB Entry] http://osvdb.org/84014

[Third Party Advisory] http://secunia.com/advisories/49897

Scores

EPSS 0.0433

EPSS Percentile 88.7%

Classification

CWE

CWE-79

Status draft

Affected Products (11)

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system

ibm/proventia_network_mail_security_system

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

Timeline

Published Jul 20, 2012

Tracked Since Feb 18, 2026