ID OSVDB:23077 Type osvdb Reporter Tan Chew Keong(vuln@secunia.com), Jakob Balle(jb@secunia.com) Modified 2006-02-10T07:02:51
Description
Vulnerability Description
Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
{"enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2017-04-28T13:20:20", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0662", "CVE-2006-0663"]}, {"type": "osvdb", "idList": ["OSVDB:23078", "OSVDB:23079"]}, {"type": "exploitdb", "idList": ["EDB-ID:27182", "EDB-ID:27181"]}], "modified": "2017-04-28T13:20:20", "rev": 2}, "vulnersScore": 5.3}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Lotus Notes", "operator": "eq", "version": "7.0"}, {"name": "Lotus Notes", "operator": "eq", "version": "6.5.4"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:23077", "id": "OSVDB:23077", "title": "Lotus Domino iNotes Attached File XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "lastseen": "2017-04-28T13:20:20", "edition": 1, "reporter": "Tan Chew Keong(vuln@secunia.com), Jakob Balle(jb@secunia.com)", "description": "## Vulnerability Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919)\nSecurity Tracker: 1015610\n[Secunia Advisory ID:16340](https://secuniaresearch.flexerasoftware.com/advisories/16340/)\n[Related OSVDB ID: 23078](https://vulners.com/osvdb/OSVDB:23078)\n[Related OSVDB ID: 23079](https://vulners.com/osvdb/OSVDB:23079)\nOther Advisory URL: http://secunia.com/secunia_research/2005-38/advisory/\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0183.html\nISS X-Force ID: 24611\nFrSIRT Advisory: ADV-2006-0499\n[CVE-2006-0662](https://vulners.com/cve/CVE-2006-0662)\n[CVE-2006-0663](https://vulners.com/cve/CVE-2006-0663)\nBugtraq ID: 16577\n", "modified": "2006-02-10T07:02:51", "viewCount": 3, "published": "2006-02-10T07:02:51", "cvelist": ["CVE-2006-0663", "CVE-2006-0662"]}
{"cve": [{"lastseen": "2021-02-02T05:27:18", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using \"java script:\"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.\nThis vulnerability is addressed in the following product releases:\r\nIBM, Lotus Domino iNotes Client, 6.5.5\r\nIBM, Lotus Domino iNotes Client, 7.0.1", "edition": 4, "cvss3": {}, "published": "2006-02-13T11:06:00", "title": "CVE-2006-0663", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0663"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/a:ibm:lotus_domino_inotes_client:7.0", "cpe:/a:ibm:lotus_domino_inotes_client:6.5.4"], "id": "CVE-2006-0663", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0663", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ibm:lotus_domino_inotes_client:6.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_domino_inotes_client:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:18", "description": "Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.", "edition": 4, "cvss3": {}, "published": "2006-02-13T11:06:00", "title": "CVE-2006-0662", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0662"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/a:ibm:lotus_domino_inotes_client:6.5.4"], "id": "CVE-2006-0662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0662", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ibm:lotus_domino_inotes_client:6.5.4:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0663"], "edition": 1, "description": "## Vulnerability Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the subject of an email upon displaying it to the user. This could allow an attacker to create a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the subject of an email upon displaying it to the user. This could allow an attacker to create a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919)\nSecurity Tracker: 1015610\n[Secunia Advisory ID:16340](https://secuniaresearch.flexerasoftware.com/advisories/16340/)\n[Related OSVDB ID: 23077](https://vulners.com/osvdb/OSVDB:23077)\n[Related OSVDB ID: 23079](https://vulners.com/osvdb/OSVDB:23079)\nOther Advisory URL: http://secunia.com/secunia_research/2005-38/advisory/\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0183.html\nISS X-Force ID: 24612\nFrSIRT Advisory: ADV-2006-0499\n[CVE-2006-0663](https://vulners.com/cve/CVE-2006-0663)\nBugtraq ID: 16577\n", "modified": "2006-02-10T07:02:51", "published": "2006-02-10T07:02:51", "href": "https://vulners.com/osvdb/OSVDB:23078", "id": "OSVDB:23078", "title": "Lotus Domino iNotes Email Subject XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0663"], "edition": 1, "description": "## Vulnerability Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does properly validate JavaScript content that contains a ' ' character, bypassing the existing security filters. This could allow an attacker to create a specially crafted link that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does properly validate JavaScript content that contains a ' ' character, bypassing the existing security filters. This could allow an attacker to create a specially crafted link that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919)\nSecurity Tracker: 1015610\n[Secunia Advisory ID:16340](https://secuniaresearch.flexerasoftware.com/advisories/16340/)\n[Related OSVDB ID: 23078](https://vulners.com/osvdb/OSVDB:23078)\n[Related OSVDB ID: 23077](https://vulners.com/osvdb/OSVDB:23077)\nOther Advisory URL: http://secunia.com/secunia_research/2005-38/advisory/\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0183.html\nISS X-Force ID: 24613\nFrSIRT Advisory: ADV-2006-0499\n[CVE-2006-0663](https://vulners.com/cve/CVE-2006-0663)\nBugtraq ID: 16577\n", "modified": "2006-02-10T07:02:51", "published": "2006-02-10T07:02:51", "href": "https://vulners.com/osvdb/OSVDB:23079", "id": "OSVDB:23079", "title": "Lotus Domino iNotes javascript: Filter Bypass", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:17:27", "description": "IBM Lotus Domino 6.x/7.0 iNotes javascript: Filter Bypass. CVE-2006-0663 . Remote exploits for multiple platform", "published": "2006-02-10T00:00:00", "type": "exploitdb", "title": "IBM Lotus Domino 6.x/7.0 iNotes javascript: Filter Bypass", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0663"], "modified": "2006-02-10T00:00:00", "id": "EDB-ID:27181", "href": "https://www.exploit-db.com/exploits/27181/", "sourceData": "source: http://www.securityfocus.com/bid/16577/info\r\n\r\nIBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.\r\n\r\nThese vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. \r\n\r\nA proof of concept example for the issue exploited through a 'javascript:' URI is available:\r\n\r\n<a href=\"java script:alert('Vulnerable!');\">Link</a>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27181/"}, {"lastseen": "2016-02-03T05:17:35", "description": "IBM Lotus Domino 6.x/7.0 iNotes Email Subject XSS. CVE-2006-0663. Remote exploits for multiple platform", "published": "2006-02-10T00:00:00", "type": "exploitdb", "title": "IBM Lotus Domino 6.x/7.0 iNotes Email Subject XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0663"], "modified": "2006-02-10T00:00:00", "id": "EDB-ID:27182", "href": "https://www.exploit-db.com/exploits/27182/", "sourceData": "source: http://www.securityfocus.com/bid/16577/info\r\n \r\nIBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.\r\n \r\nThese vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. \r\n\r\nProof of concept for the email subject field script injection:\r\n\r\n</TITLE><SCRIPT>alert(\"Vulnerable!\");</SCRIPT> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27182/"}]}
