IBM Lotus Domino 6.x/7.0 iNotes javascript: Filter Bypass

2006-02-10T00:00:00
ID EDB-ID:27181
Type exploitdb
Reporter Jakob Balle
Modified 2006-02-10T00:00:00

Description

IBM Lotus Domino 6.x/7.0 iNotes javascript: Filter Bypass. CVE-2006-0663 . Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/16577/info

IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.

These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. 

A proof of concept example for the issue exploited through a 'javascript:' URI is available:

<a href="java
script:alert('Vulnerable!');">Link</a>