Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
http://www.securityfocus.com/bid/2962
http://www.securityfocus.com/archive/1/194609
http://www.securityfocus.com/archive/1/194465