Description
A security researcher contacted IBM to report four security vulnerabilities in the IBM Lotus Domino HTTP server that permit cross site scripting. These vulnerabilities could allow remote attackers to steal cookie-based authentication credentials. While fixes for all four are planned for inclusion in Domino 8.5.4, workarounds exist for two in Domino servers 7.0 and later by enabling a single INI setting. As of 15 August 2012, IBM has not received any reports of customer issues related to these security vulnerabilities.
Remediation
Upgrade to Lotus Domino version 8.5.4.
References
Related Vulnerabilities
WordPress Plugin Hueman Addons Cross-Site Scripting (2.3.3)
WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)
WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)
Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)
WordPress Plugin GS Portfolio for Envato Cross-Site Scripting (1.3.8)