- A security researcher contacted IBM to report four security vulnerabilities in the IBM Lotus Domino HTTP server that permit cross-site scripting. These vulnerabilities could allow remote attackers to steal cookie-based authentication credentials. Fixes for all four are planned for inclusion in Domino 8.5.4; for two of them, a workaround is available on Domino servers 7.0 and later by enabling a single INI setting. As of 15 August 2012, IBM has not received any reports of customer issues related to these security vulnerabilities.
- Upgrade to Lotus Domino version 8.5.4.
- WordPress Plugin Pretty Link Lite Cross-Site Scripting (1.6.2)
- WordPress Plugin Media File Manager Advanced Multiple Vulnerabilities (1.1.5)
- WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13)
- WordPress Plugin SendGrid Cross-Site Scripting (1.10.7)
- WordPress Plugin Nofollow Links Cross-Site Scripting (1.0.10)