IBM Lotus Notes Traveler Open-Redirection and Cross Site Scripting Vulnerabilities

IBM Lotus Notes Traveler is prone to an open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

Versions prior to IBM Lotus Notes Traveler 8.5.3 Fix Pack 2 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus