Description
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Jakob Balle · textremotemultiple
https://www.exploit-db.com/exploits/27182
exploitdb
WORKING POC
VERIFIED
by Jakob Balle · textremotemultiple
https://www.exploit-db.com/exploits/27181
References (12)
Core 12
Core References
Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-38/advisory/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0499
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24614
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24611
Patch x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23079
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23077
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16577
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23078
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24613
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16340
Exploit, Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015610
Scores
EPSS
0.0055
EPSS Percentile
68.1%
Details
CWE
CWE-79
Status
published
Products (2)
ibm/lotus_domino_inotes_client
6.5.4
ibm/lotus_domino_inotes_client
7.0
Published
Feb 13, 2006
Tracked Since
Feb 18, 2026