Minor Notes/Domino scripting vulnerability reported

By Eric B. Parizo, News Editor 21 Oct 2004 | SearchDomino.com

Digg This!     StumbleUpon     Del.icio.us

According to security Web sites, a newly discovered vulnerability could leave Lotus Notes and Domino vulnerable to certain attacks, even though the exploit is considered minor.

Both the Secunia and the SecurityFocus Bugtraq Web sites report that a cross-site scripting vulnerability has been found in Notes version 6.x and Domino 6. Other versions may be affected as well.

For more information Learn about Java applet flaws found in Notes. Read our exclusive on a pair of recent Notes/Domino flaws.

The vulnerability, according to reports, is caused by an input validation error in native Lotus Notes HTML encoding for computed values, where specially crafted input with square brackets is not properly sanitized before being returned to the user.

As a result, the problem can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

The vulnerability has been classified as "less critical," and can be avoided by ensuring that inputs containing square brackets are properly sanitized. Additionally, exploitation is reportedly not possible on editable fields.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary