Lotus Information for VU#642239
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
- Vendor Information Help Date Notified: 18 Mar 2001
- Statement Date:
- Date Updated: 18 Jul 2001
This was reproduced and documented as SPR #JCHN4V2HUY. We are currently researching a fix and have plans to address in Domino R5.0.9. When the fix is available, it will be documented at http://www.notes.net/r5fixlist.nsf.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.