Multiple vulnerabilities have been reported in IBM Lotus iNotes
IBM iNotes 9.x
IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability
1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.
Cross Site Scripting
Vendor recommends updating to Interim Fix 3