Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: notes2a.htm

Lotus Domino Server 5.0.6 force Javascript to run

    Domino Server


    Lotus Domino Server 5.0.6


    Hiromitsu Takagi  found following.   Accessing the  following URL,
    the  JavaScript  code  will  be  executed  in  the  browser on the
    server's domain.<img%20src=javascript:alert(document.domain)>

    This page produces output like this:

        Error 404
        HTTP Web Server: Couldn't find design note - ******
        Lotus-Domino Release 5.0.6a
        ******: The JavaScript code is executed here.

    This vulnerability is quite similar to "IIS cross-site scripting
    vulnerabilities (MS00-060)" reported by Microsoft.


    This was reproduced and documented as SPR #JCHN4V2HUY.  Lotus  are
    currently researching a  fix and have  plans to address  in Domino
    R5.0.9.  When the fix is available, it will be documented at

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH