IBM Lotus Domino 6.x/7.0 iNotes - Email Subject Cross-Site Scripting



EKU-ID: 32477 CVE: CVE-2006-0663;OSVDB-23078 OSVDB-ID:
Author: Jakob Balle Published: 2006-02-10 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/16577/info

IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.

These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials.

Proof of concept for the email subject field script injection:

</TITLE><SCRIPT>alert("Vulnerable!");</SCRIPT>