Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2. Per: http://www-01.ibm.com/support/docview.wss?uidswg21645503
"A fix for CVE-2013-3990 can be made available to qualified customers upon request via a hotfix to 8.5.3 Fix Pack 5."
Publication date: Sat, 10 Aug 2013 00:55:00 +0000