IBM Lotus Foundation Mu ltiple Cross Site Scripting
Systems running Lotus Foundations 1.2.2b or earlier:
Lotus Foundations Start 1.2
Two vulnerabilities have been reported in IBM Lotus Foundations
1) Input passed via the "Users" page in Webconfig is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
2) An error exists within the bundled version of PHP.
Two vulnerabilities have been reported in IBM Lotus Foundations Start, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to disclose certain sensitive information or compromise a vulnerable system.