Exploit IBM Lotus Domino 6.x/7.0 iNotes - Email Subject Cross-Site Scripting

[Exploiter]

EDB-ID

27182

Проверка EDB

1. Пройдено

Автор

JAKOB BALLE

Тип уязвимости

REMOTE

Платформа

MULTIPLE

CVE

cve-2006-0663

Дата публикации

2006-02-10

source: https://www.securityfocus.com/bid/16577/info
 
IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities.
 
These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. 

Proof of concept for the email subject field script injection:

</TITLE><SCRIPT>alert("Vulnerable!");</SCRIPT>