Cross-Site Scripting Vulnerabilities in IBM Lotus Domino iNotes Client
CVE-2006-0663
Currently unrated
Summary
IBM Lotus Domino iNotes Client versions 6.5.4 and 7.0 contain multiple Cross-Site Scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML into the client interface. The injection vectors are the subject of an email, encoded JavaScript URIs, and, when the Domino Web Access ActiveX control is absent, the filename of an email attachment. These vulnerabilities pose a significant risk to users because injected scripts execute in the context of the affected client's session.
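A mail web client can neutralize the three inputs named in the summary at render time: encode the subject and attachment filename on output, and check a link's scheme only after decoding character references. The following is an added example, not IBM code or part of the original advisory; the function names, the scheme allow-list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; function names and the scheme allow-list are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text (email subject, attachment filename) before placing it
// in HTML body text or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Named references that can hide a scheme or its colon; numeric ones are handled below.
const NAMED = { colon: ':', tab: '\t', newline: '\n', amp: '&' };

// Decode character references once, as a browser does for an attribute value,
// so the scheme check sees what the browser will see.
function decodeEntities(value) {
  return String(value).replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);?/g, (match, body) => {
    if (body[0] === '#') {
      const isHex = body[1] === 'x' || body[1] === 'X';
      const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
      return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : '';
    }
    const named = NAMED[body.toLowerCase()];
    return named === undefined ? match : named;
  });
}

const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Return an attribute-safe URL if its scheme is allow-listed, otherwise '#'.
function safeHref(rawHref) {
  const normalized = decodeEntities(rawHref)
    .replace(/[\t\n\r]/g, '')                             // removed anywhere by URL parsers
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, ''); // leading/trailing controls and spaces
  const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(normalized);
  if (!scheme || !ALLOWED_SCHEMES.has(scheme[1].toLowerCase())) return '#';
  return escapeHtml(normalized);
}

// Constructed sample inputs, not taken from the advisory.
const samples = {
  subject: '<b>Quarterly</b> "report"',
  filename: '"><i>notes</i>.txt',
  links: ['&#106;avascript:void(0)', 'java&#x09;script:void(0)', 'https://example.com/?a=1&b=2'],
};
console.log(escapeHtml(samples.subject));
console.log(escapeHtml(samples.filename));
console.log(samples.links.map(safeHref));
```

A filter that looks for the literal string `javascript:` in the raw value passes the first two sample links, which is why the check runs on the decoded and normalized form.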