Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does properly validate JavaScript content that contains a '
' character, bypassing the existing security filters. This could allow an attacker to create a specially crafted link that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Upgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015610
• Secunia Advisory ID: 16340
• Bugtraq ID: 16577
• CVE ID: 2006-0663 (see also: NVD)
• Related OSVDB ID: 23077 23078
• ISS X-Force ID: 24613
• VUPEN Advisory: ADV-2006-0499
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0183.html
• Other Advisory URL: http://secunia.com/secunia_research/2005-38/advisory/
• Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919

• Jakob Balle - jbsecunia.com - Secunia Research