Several vulnerabilities were reported in IBM Lotus iNotes
IBM Lotus iNotes 8.5.x
IBM Lotus iNotes 8.5.x contains four cross-site scripting vulnerabilities
The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the IBM Lotus iNotes software and will run in the security context of that site.
Access control error
vendor has issued a fix which is available in IBM Domino release 8.5.3 Fix Pack 5