Stephan Wissel wrote about an XSS vulnerability in Domino servers (< 8.5.4), and in his post you will get advice on how to protect your Domino server against this attack. Thanks for this! Works great!
But there is still a problem with another URL pattern:
*/xsp/.ibmmodres/*
This path resolves resources from databases, which is why it only works within a database URL. But domcfg.nsf is normally reachable from outside.
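To check whether a server actually blocks that second pattern, here is a small audit script. It is an added example, not code from this post or from wissel.net. It assumes that the protection is a Domino-style wildcard URL rule where `*` matches any run of characters and matching is case-insensitive, and that a blocked request answers with a 4xx status while an unprotected server answers 200 or a 3xx redirect. The host name, the test paths and the database names in the test list are constructed for the example.

```python
"""Audit whether a Domino server blocks the */xsp/.ibmmodres/* URL pattern.

Added example, not code from the original post or from wissel.net.
Assumptions (not confirmed by the post):
  - the rule is a '*' wildcard pattern, matched case-insensitively;
  - a blocked request gets a 4xx answer, an unprotected one 200 or 3xx.
All hosts, paths and database names below are constructed test data.
"""
import re
import urllib.error
import urllib.request

PATTERN = "*/xsp/.ibmmodres/*"


def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Turn a '*' wildcard pattern into an anchored, case-insensitive regex."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def matches(path: str, pattern: str = PATTERN) -> bool:
    """True if the request path would be caught by the wildcard rule."""
    return wildcard_to_regex(pattern).match(path) is not None


def is_blocked(status: int) -> bool:
    """4xx counts as blocked; 200 or 3xx means the resolver is still reachable."""
    return 400 <= status < 500


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a 3xx answer is reported as-is."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, path: str, timeout: float = 5.0) -> int:
    """Send one GET and return the HTTP status code (needs network access)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


# Constructed test paths. The resolver only works inside a database URL,
# but the wildcard rule matches with or without a database in front.
TEST_PATHS = [
    "/domcfg.nsf/xsp/.ibmmodres/.dojoroot/dojo/dojo.js",
    "/names.nsf/xsp/.ibmmodres/.dojoroot/dojo/dojo.js",
    "/xsp/.ibmmodres/.dojoroot/dojo/dojo.js",   # no database, still matches
    "/domcfg.nsf/XSP/.IBMMODRES/x",             # case variant
    "/domcfg.nsf/xsp/ibmmodres/x",              # no leading dot: not the pattern
]


def classify(paths):
    """Map each path to whether the wildcard rule would match it (offline)."""
    return {p: matches(p) for p in paths}


def audit(base_url: str, paths=TEST_PATHS):
    """Probe each matching path and report (status, blocked) per path."""
    report = {}
    for p in paths:
        if not matches(p):
            continue
        status = probe(base_url, p)
        report[p] = (status, is_blocked(status))
    return report


if __name__ == "__main__":
    # Replace the hypothetical host with your own server before running.
    for path, (status, blocked) in audit("https://domino.example.org").items():
        print(f"{status} {'blocked' if blocked else 'OPEN'}  {path}")
```

Run it against your own host; any line reported as OPEN means the resolver path is still reachable through that database and the rule needs to be extended.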
Update:
The blog post was updated on wissel.net. Please update your server configuration!