According to security Web sites, a newly discovered flaw could leave Lotus Notes and Domino open to certain attacks, although the exploit is considered minor.
Both the Secunia and the SecurityFocus Bugtraq Web sites report that a cross-site scripting vulnerability has been found in Notes version 6.x and Domino 6. Other versions may be affected as well.
The vulnerability, according to reports, is caused by an input validation error in native Lotus Notes HTML encoding for computed values, where specially crafted input with square brackets is not properly sanitized before being returned to the user.
As a result, the problem can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
The vulnerability has been classified as "less critical," and can be avoided by ensuring that inputs containing square brackets are properly sanitized. Additionally, exploitation is reportedly not possible on editable fields.
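
One way to apply the sanitization described above, shown as an added example that is not code from the advisories or from Lotus: it entity-encodes square brackets together with the usual HTML metacharacters before a value is echoed back, and flags input that carries markup inside brackets. The function names and sample inputs are hypothetical and constructed for illustration.

```python
import re

# Characters neutralised before a value is echoed into a page. The square
# brackets are the ones the advisory singles out; the rest are the usual
# HTML metacharacters. "&" must come first so that entities emitted by the
# later replacements are not encoded a second time.
_ENTITIES = (
    ("&", "&amp;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ('"', "&quot;"),
    ("'", "&#39;"),
    ("[", "&#91;"),
    ("]", "&#93;"),
)

# A bracketed span that contains markup, e.g. "[<i>x</i>]" (constructed pattern).
_BRACKETED_MARKUP = re.compile(r"\[[^\]]*<[^\]]*\]")


def encode_for_computed_value(value: str) -> str:
    """Return value with brackets and HTML metacharacters entity-encoded."""
    for raw, entity in _ENTITIES:
        value = value.replace(raw, entity)
    return value


def has_bracketed_markup(value: str) -> bool:
    """True when the input carries markup inside square brackets (worth logging)."""
    return bool(_BRACKETED_MARKUP.search(value))


def handle_input(value: str) -> tuple[str, bool]:
    """Encode a request value and report whether it looked suspicious."""
    return encode_for_computed_value(value), has_bracketed_markup(value)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisories.
    for sample in ("Q3 report [draft]", "[<i>x</i>]", "Tom & Jerry"):
        print(handle_input(sample))
```

Ordinary bracketed text such as "[draft]" is still encoded but not flagged, so the check can feed a log or alert without noise from legitimate input.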