| VID |
22304 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
Lotus Domino/Notes has a 'Square Bracket ([])' cross-site scripting vulnerability. Lotus Domino/Notes 6.0 and earlier are vulnerable to cross-site scripting because the application fails to properly validate user-supplied input within square bracket ('[]') characters. A remote attacker could create a specially crafted URL containing malicious script embedded within square brackets and then persuade a target user to click it. Once the URL is clicked, the embedded code would be executed in the victim's Web browser. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
* References: http://securitytracker.com/alerts/2004/Oct/1011779.html
* Platforms Affected: IBM Lotus Domino 6.0 and earlier; IBM Lotus Notes 6.0 and earlier; any operating system, any version |
| Recommendation |
No upgrade or patch was available as of November 2004.
Upgrade to a new version of Lotus Domino that fixes this problem when one becomes available from the IBM Lotus Domino Web site at http://www.lotus.com/ |
| Related URL |
(CVE) |
| Related URL |
11458 (SecurityFocus) |
| Related URL |
17758 (ISS) |
|