Description
A security researcher contacted IBM to report four security vulnerabilities in the IBM Lotus Domino HTTP server that permit cross-site scripting (XSS). These vulnerabilities could allow remote attackers to steal cookie-based authentication credentials. Fixes for all four are planned for inclusion in Domino 8.5.4. For two of the four, a workaround is available on Domino servers 7.0 and later by enabling a single INI setting. As of 15 August 2012, IBM has not received any reports of customer issues related to these security vulnerabilities.
Remediation
Upgrade to Lotus Domino version 8.5.4.