https://www.exploit-db.com/exploits/23837
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-838

LotusDomino服务器是一款基于WEB合作的应用程序架构，运行在Linux/Unix和MicrosoftWindows操作系统平台下。LotusDomino服务器的webadmin.nsf中包含的’QuickConsole’功能对用户提交请求缺少充分过滤，远程攻击者可以利用这个漏洞进行跨站脚本执行攻击。’QuickConsole’功能里的”Dominocommand”输入恶意脚本代码，当其他用户浏览此链接时可导致恶意脚本代码在用户浏览器上执行，会使用户基于验证的COOKIE信息泄露。

source: http://www.securityfocus.com/bid/9901/info

It has been reported that Lotus Domino server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'Quick Console' function of 'webadmin.nsf' administrative interface.

IBM Lotus Domino server 6.5.1 has been reported to be prone to this issue, however, it is possible that other versions are affected as well.

1)Go to http://www.example.com/webadmin.nsf
2)Go to "server" tab
3)Go to "Quick console" in the left column
4)Give as "Domino command" <script>alert(document.cookie)</script>

来源:XF
名称:lotus-domino-webadmin-xss(15502)
链接:http://xforce.iss.net/xforce/xfdb/15502
来源:BID
名称:9901
链接:http://www.securityfocus.com/bid/9901
来源:SECUNIA
名称:11143
链接:http://secunia.com/advisories/11143
来源:members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt
来源:OSVDB
名称:4306
链接:http://www.osvdb.org/4306
来源：NSFOCUS
名称：6184
链接：http://www.nsfocus.net/vulndb/6184