Vendor: Lotus Domino iNotes
By: Luigi Auriemma
CVSS: 8.8 (HIGH)
HTML- and script-injection vulnerabilities
CWE: 79
Product Name: Lotus Domino iNotes
Affected Version From: 6.5.2004
Affected Version To: 6.5.2004
Patch Exists: YES
Related CVE: CVE-2006-4010
CPE: a:ibm:lotus_domino_inotes
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.

These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials.

Proof of concept for the email subject field script injection:

</TITLE><SCRIPT>alert("Vulnerable!");</SCRIPT>
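
Added example (not part of the original advisory and not IBM's code): a Python sketch contrasting verbatim insertion of the subject with HTML-encoded insertion, then checking the result with a parser. The template, the function names and the assumption that the subject is rendered inside the <title> element (inferred from the PoC's leading </TITLE>) are hypothetical.

```python
import html
from html.parser import HTMLParser

# Hypothetical template: assumes the message subject is rendered inside <title>.
TEMPLATE = "<html><head><title>{subject}</title></head><body>{body}</body></html>"

def render_unsafe(subject: str) -> str:
    """Pre-fix behaviour: the subject is copied into the markup verbatim."""
    return TEMPLATE.format(subject=subject, body="message text")

def render_encoded(subject: str) -> str:
    """Hardened: HTML-encode the untrusted subject before inserting it."""
    return TEMPLATE.format(subject=html.escape(subject, quote=True),
                           body="message text")

class _Audit(HTMLParser):
    """Records every start tag seen and the text that ends up inside <title>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.title, self._in_title = [], "", False

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)          # tag names arrive lower-cased
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(page: str):
    """Return (number of <script> elements, text of <title>) for a page."""
    parser = _Audit()
    parser.feed(page)
    parser.close()
    return parser.tags.count("script"), parser.title

# Subject string taken from the advisory's proof of concept.
POC_SUBJECT = '</TITLE><SCRIPT>alert("Vulnerable!");</SCRIPT>'

if __name__ == "__main__":
    print("verbatim:", audit(render_unsafe(POC_SUBJECT)))
    print("encoded: ", audit(render_encoded(POC_SUBJECT)))
```

With verbatim insertion the subject closes the title and the parser sees a script element; with encoding the whole subject stays title text and no script element exists.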

Mitigation:

Upgrade to the latest version of IBM Lotus Domino iNotes.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16577/info
 