Hello 3APA3A!
I want to warn you about Cross-Site Scripting vulnerability in IBM Domino. This is one from many vulnerabilities in Domino, which I've found at 03.05.2012. In previous years I wrote about multiple vulnerabilities in Lotus Domino (http://securityvulns.ru/docs29277.html) and Lotus Notes Traveler (http://securityvulns.ru/docs30224.html).
During 2012-2013 I informed IBM that have other holes in Domino (as this XSS), besides previous holes, but they were not interested.
Vulnerable are IBM Lotus Domino 8.5.3, 8.5.4 (in which I tested) and previous versions. Versions Domino 9.0 and 9.0.1 also must be vulnerable (since IBM hasn't fix it earlier).
IBM Domino (formerly IBM Lotus Domino)
http://www-03.ibm.com/software/products/us/en/ibmdomino/
Cross-Site Scripting (WASC-08):
http://site/mail/user.nsf/fc9368429d022147c3256c6a005431ff/3c575ad7c19a9ca0c22572b3002d5087/Body/%22;}alert(document.cookie);function%20a(){a=%22
For conducting XSS attack it's needed to know hashes in address of a letter. They can be found via information leakage (i.e. embedded image) or via other XSS vulnerability.
Full timeline read in the first advisory (http://securityvulns.ru/docs28474.html).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua