Cross-site Scripting Vulnerability in Lotus Domino iNotes Client by IBM
CVE-2006-0662

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino Inotes Client
Vendor: CVE Published:; 13 February 2006

Summary

The Lotus Domino iNotes Client 6.5.4 is susceptible to a cross-site scripting (XSS) vulnerability. Attackers can exploit this flaw by sending emails with attached HTML files that are rendered directly in the user's browser. This allows remote injection of arbitrary web scripts or HTML, which can compromise user data and session integrity. Proper sanitization and validation of user input in email attachments are recommended to mitigate this issue.

References

http://secunia.com/secunia_research/2005-38/advisory/

x_refsource_MISC

http://www.vupen.com/english/advisories/2006/0499

vdb-entryx_refsource_VUPEN

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 13, 2006
Vulnerability Reserved
Feb 13, 2006