source: https://www.securityfocus.com/bid/16577/info IBM Lotus Domino iNotes is prone to multiple HTML- and script-injection vulnerabilities. These vulnerabilities can allow attackers to carry out a variety of attacks, including theft of cookie-based authentication credentials. Proof of concept for the email subject field script injection: