CVE-2006-0663

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino Inotes Client
Vendor: CVE Published:; 13 February 2006

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.

References

http://secunia.com/secunia_research/2005-38/advisory/

x_refsource_MISC

http://www.vupen.com/english/advisories/2006/0499

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/24614

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 13, 2006
Vulnerability Reserved
Feb 13, 2006