CVE-2005-2175 : The web interface for Lotus Notes mail automatically processes HTML in an attach

The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.

Published 2005-07-09 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-2175

IBM » Lotus Notes
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2175

EPSS FAQ

13.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2175

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-2175

http://securitytracker.com/id?1014440
http://archives.neohapsis.com/archives/bugtraq/2005-07/0075.html

Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-2175

Products affected by CVE-2005-2175

Exploit prediction scoring system (EPSS) score for CVE-2005-2175

CVSS scores for CVE-2005-2175

References for CVE-2005-2175