CVE-2006-4843

Related Files

iDEFENSE Security Advisory 2007-03-28.t

Posted Mar 29, 2007

Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted users browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.

tags | advisory, remote, web, arbitrary, javascript, xss

advisories | CVE-2006-4843

SHA-256 | 4dca58f9882eda2aaa0a1e2a9eeeae088da445bc86e94dc4e83e7e54e51402e4

Download | Favorite | View