Back to search
CVE-2006-0663
Published: Feb 13, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://secunia.com/secunia_research/2005-38/advisory/
x_refsource_MISC
ADV-2006-0499
vdb-entry
x_refsource_VUPEN
domino-webaccess-filename-xss(24614)
vdb-entry
x_refsource_XF
domino-webaccess-attachment-xss(24611)
vdb-entry
x_refsource_XF
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919
x_refsource_CONFIRM
23079
vdb-entry
x_refsource_OSVDB
23077
vdb-entry
x_refsource_OSVDB
16577
vdb-entry
x_refsource_BID
23078
vdb-entry
x_refsource_OSVDB
domino-webaccess-javascript-xss(24613)
vdb-entry
x_refsource_XF
16340
third-party-advisory
x_refsource_SECUNIA
1015610
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now