Lotus Information for VU#642239

Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Status

Affected

Vendor Statement

This was reproduced and documented as SPR #JCHN4V2HUY. We are currently researching a fix and have plans to address in Domino R5.0.9. When the fix is available, it will be documented at http://www.notes.net/r5fixlist.nsf.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.