The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of IBM Domino, Notes: Cross Site Scripting of Dojo Toolkit

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in IBM Domino or Notes, in order to execute JavaScript code in the context of the web site.
Severity of this bulletin: 2/4.
Creation date: 12/05/2015.
References for this threat: 1883245, CVE-2014-8917, VIGILANCE-VUL-16875.

Description of the vulnerability

The IBM Domino or Notes product offers a web service using Dojo Toolkit.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in IBM Domino or Notes, in order to execute JavaScript code in the context of the web site.

This vulnerability impacts software or systems such as Domino, Notes.

Our Vigil@nce team determined that the severity of this security announcement is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

IBM Domino: version 9.0.1 Fix Pack 3 Interim Fix 3.
The version 9.0.1 Fix Pack 3 Interim Fix 3 is fixed:
  http://www.ibm.com/support/docview.wss?uid=swg21657963

IBM Domino: version 8.5.3 Fix Pack 6 Interim Fix 7.
The version 8.5.3 Fix Pack 6 Interim Fix 7 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg21657963

IBM Notes: version 9.0.1 Fix Pack 3 Interim Fix 4.
The version 9.0.1 Fix Pack 3 Interim Fix 4 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg21657963

IBM Notes: version 8.5.3 Fix Pack 6 Interim Fix 6.
The version 8.5.3 Fix Pack 6 Interim Fix 6 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg21657963