IBM · IBM Lotus Sametime · CVE-2011-1038
**Name of the Vulnerable Software and Affected Versions**
IBM Lotus Sametime version 8.0.1
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the stconf.nsf component of the server. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML through two vectors: (1) the `messageString` parameter in a "WebMessage" action, or (2) the `PATH_INFO`.
**Recommendations**
For IBM Lotus Sametime version 8.0.1, consider restricting access to the stconf.nsf component until a fix is available. As a temporary workaround, avoid using the `messageString` parameter in WebMessage actions and restrict the `PATH_INFO` to minimize the risk of exploitation.
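
While access is being restricted, web server logs can be checked for requests that put markup into either vector named in the description. The following is an added example, not IBM's code or part of the original advisory; it assumes combined-format access logs, the URL layout shown in the constructed sample lines is an assumption, and `classify` and `scan` are hypothetical helper names.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')  # characters needed to open a tag or leave an attribute
DB = "stconf.nsf"

# Constructed sample lines (documentation IP ranges); the URL layout is assumed.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2011:10:00:01 +0000] "GET /stconf.nsf/WebMessage?OpenView&messageString=Meeting+moved HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2011:10:00:05 +0000] "GET /stconf.nsf/WebMessage?OpenView&messageString=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Mar/2011:10:00:09 +0000] "GET /stconf.nsf/%22%3E%3Ci%3E HTTP/1.1" 404 210',
    '198.51.100.7 - - [01/Mar/2011:10:00:12 +0000] "GET /stconf.nsf/WebMessage?OpenView&messageString=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.10 - - [01/Mar/2011:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def decode(value, rounds=2):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(log_line):
    """Return which of the two advisory vectors carry markup in this request."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    start = url.path.lower().find(DB)
    if start < 0:
        return []  # request does not touch stconf.nsf
    hits = []
    # Vector 1: the messageString query parameter (parse_qs decodes once).
    for key, values in parse_qs(url.query).items():
        if key.lower() == "messagestring" and any(MARKUP.search(decode(v)) for v in values):
            hits.append("messageString")
    # Vector 2: PATH_INFO, i.e. whatever follows the database name in the path.
    if MARKUP.search(decode(url.path[start + len(DB):])):
        hits.append("PATH_INFO")
    return hits

def scan(lines):
    """Return (line_number, vectors) for every line that needs review."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := classify(line))]
```

The character set in `MARKUP` is a triage heuristic; tune it against legitimate message traffic before alerting on it.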