IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.
IBM Domino is affected by multiple cross-site scripting vulnerabilities, which can be exploited by a remote attacker.
IBM Domino 9.0.0 prior to 9.0.1
IBM Domino 8.5.3 prior to 8.5.3 Fix Pack 6
IBM Domino 8.5.2x
IBM Domino 8.5.1x
QID Detection Logic (Authenticated):
The check identifies vulnerable versions of IBM Domino by looking at the file version of “nserver.exe”. The path to “nserver.exe” is retrieved from the “Path” value of the registry key “HKLM\SOFTWARE\Wow6432Node\Lotus\Domino”.
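The lookup described above can be reproduced by hand on a Windows host with the following PowerShell function, which is an added example and not the scanner's own code. The function name, the output fields and the optional `-FixedFileVersion` threshold are assumptions; this page does not state which nserver.exe file versions correspond to the fixed releases, so that value has to come from vendor data.

```powershell
function Get-DominoServerVersion {
    [CmdletBinding()]
    param(
        # Registry key and value name as given in the detection logic above.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Lotus\Domino',
        [string]$ValueName = 'Path',
        # Assumption: lowest nserver.exe file version treated as fixed.
        # Not given on this page; supply it from vendor data if known.
        [version]$FixedFileVersion
    )

    $result = [ordered]@{
        Computer    = $env:COMPUTERNAME
        InstallPath = $null
        FileVersion = $null
        Status      = 'NotInstalled'      # registry value absent
    }

    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) {
        $result.InstallPath = $prop.$ValueName
        $exe = Join-Path -Path $result.InstallPath -ChildPath 'nserver.exe'

        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            # Build the version from the numeric parts so it compares as
            # numbers rather than as a display string.
            $vi = (Get-Item -LiteralPath $exe).VersionInfo
            $fileVersion = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            $result.FileVersion = $fileVersion.ToString()

            if ($PSBoundParameters.ContainsKey('FixedFileVersion')) {
                $result.Status = if ($fileVersion -lt $FixedFileVersion) {
                    'BelowFixedVersion'
                } else {
                    'AtOrAboveFixedVersion'
                }
            } else {
                $result.Status = 'Found'  # version reported, no threshold supplied
            }
        } else {
            # Registry entry left behind, or binary moved or removed.
            $result.Status = 'ExecutableMissing'
        }
    }

    [pscustomobject]$result
}

Get-DominoServerVersion
```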
Successful exploitation of the vulnerability will lead to cross-site scripting attacks.