Vulnerabilities > CVE-2006-4843 - HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
ibm
Summary
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493
- http://secunia.com/advisories/24633
- http://www.securityfocus.com/bid/23173
- http://www.securitytracker.com/id?1017824
- http://www.vupen.com/english/advisories/2007/1133
- http://www-1.ibm.com/support/docview.wss?uid=swg21257026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33280