Juan C Calderon

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Notes versions prior to R6 IBM Domino versions prior to R6 **Description** A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of computed for display, computed when composed, or computed text element fields. The vendor has disputed this issue, stating it is not a problem with Notes/Domino itself, but with applications that do not properly handle this feature. **Recommendations** For IBM Lotus Notes versions prior to R6, consider restricting the use of computed for display, computed when composed, or computed text element fields until a resolution is provided. For IBM Domino versions prior to R6, consider restricting the use of computed for display, computed when composed, or computed text element fields until a resolution is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.