Minor Notes/Domino scripting vulnerability reported

Eric B. Parizo, Executive Editor

According to security Web sites, a newly discovered vulnerability could leave Lotus Notes and Domino vulnerable to certain attacks, even though the exploit is considered minor.

Both the Secunia and the SecurityFocus Bugtraq Web sites report that a cross-site scripting vulnerability has been found in Notes version 6.x and Domino 6. Other versions may be affected as well.

The vulnerability, according to reports, is caused by an input validation error in native Lotus Notes HTML encoding for computed values, where specially crafted input with square brackets is not properly sanitized before being returned to the user.

As a result, the problem can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

The vulnerability has been classified as "less critical," and can be avoided by ensuring that inputs containing square brackets are properly sanitized. Additionally, exploitation is reportedly not possible on editable fields.
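
One way to apply the sanitization advice above, shown as an added example that is not part of the original article or of any Lotus code: a Python output encoder that neutralises square brackets along with the HTML metacharacters, and a check that flags request parameters carrying bracket-wrapped markup. The function names, the regular expression and the sample URLs are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Square brackets become numeric character references, so they reach the
# page as literal text (assumption: the value is emitted into HTML body text).
BRACKET_REFS = str.maketrans({"[": "&#91;", "]": "&#93;"})

# '[' ... '<' ... '>' ... ']' : markup wrapped in square brackets.
BRACKETED_MARKUP = re.compile(r"\[\s*<[^\]]*>\s*\]", re.S)


def encode_computed_value(value: str) -> str:
    """HTML-encode a value, then neutralise square brackets as well."""
    return html.escape(value, quote=True).translate(BRACKET_REFS)


def find_bracketed_markup(url: str, extra_decodes: int = 1):
    """Return (parameter, decoded value) pairs that carry bracketed markup.

    parse_qsl percent-decodes once; extra_decodes further rounds catch
    values that were percent-encoded more than once.
    """
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for _ in range(extra_decodes + 1):
            if BRACKETED_MARKUP.search(value):
                hits.append((name, value))
                break
            value = unquote(value)
    return hits


# Constructed sample requests (not taken from the advisories).
SAMPLE_URLS = [
    "/example.nsf/search?q=quarterly+report",
    "/example.nsf/search?q=%5B%3Cb%3Ex%3C%2Fb%3E%5D",
    "/example.nsf/search?q=%255B%253Cb%253Ex%253C%252Fb%253E%255D",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for name, value in find_bracketed_markup(url):
            print(f"flag {name}={value!r} -> {encode_computed_value(value)}")
```

The encoder belongs at the point where the computed value is written into the page; the parameter check is a logging or filtering aid and does not replace output encoding.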

