Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus domino inotes client 6.5.4 |
||
ibm lotus domino inotes client 7.0 |