iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted users browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.
4dca58f9882eda2aaa0a1e2a9eeeae088da445bc86e94dc4e83e7e54e51402e4