CVE-2006-0663

Name of the Vulnerable Software and Affected Versions Lotus Domino iNotes Client versions 6.5.4 through 7.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various means, including an email subject, an encoded javascript URI (e.g., "java script:"), or an email attachment filename when the Domino Web Access ActiveX control is not installed.

Recommendations For Lotus Domino iNotes Client versions 6.5.4 through 7.0, consider disabling the execution of JavaScript code in email subjects and attachments to minimize the risk of exploitation. Restrict access to email attachments when the Domino Web Access ActiveX control is not installed. Avoid using encoded javascript URIs in emails until the issue is resolved.