Description
A security researcher contacted IBM to report four security vulnerabilities in the IBM Lotus Domino HTTP server that permit cross-site scripting (XSS). These vulnerabilities could allow remote attackers to steal cookie-based authentication credentials. Fixes for all four are planned for inclusion in Domino 8.5.4; on Domino servers 7.0 and later, two of them can be worked around by enabling a single INI setting. As of 15 August 2012, IBM has not received any reports of customer issues related to these security vulnerabilities.
Remediation
Upgrade to Lotus Domino version 8.5.4.