Security Bulletin: IBM Lotus Foundation Multiple Cross Site Scripting (CVE-2012-4848)
Persistent/Stored Cross-Site Scripting (XSS). A common user can launch XSS attack using any fields (First Name, Last Name and others). This XSS is executed in any logged-in user context, including admin.
Affected product(s) & Affected version(s):
VersSystems running Lotus Foundations 1.2.2b or earlier:
Lotus Foundations Start 1.2
Refer to the following reference URLs for remediation and additional vulnerability details.