漏洞类别:Local
漏洞等级: 
漏洞信息
IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.
The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the IBM Lotus Notes and Domino software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Affected Versions
BM Domino 9.0.1 through 9.0.1 Fix Pack 6 Interim Fix 3 IBM Domino 9.0.0x
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 14
IBM Domino 8.5.2x
IBM Domino 8.5.1x
漏洞危害
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the IBM Lotus Notes and Domino software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
解决方案
IBM has issued a fix (8.5.3 Fix Pack 6 Interim Fix 15, 9.0.1 Fix Pack 7 Interim Fix 1).
Refer to IBM advisory swg21992835 to obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论