Vulnerability CVE-2013-4653


Published: 2013-08-19   Modified: 2013-08-20

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Alcatel-lucent -> Omnitouch 8400 instant communications suite 
Alcatel-lucent -> Omnitouch 8460 advanced communication server 
Alcatel-lucent -> Omnitouch 8660 my teamwork 
Alcatel-lucent -> Omnitouch 8670 automated delivery message delivery system 

References:
http://xforce.iss.net/xforce/xfdb/85382
http://www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2013001.htm
http://www.securityfocus.com/bid/60902
http://secunia.com/advisories/54000
http://osvdb.org/94811
http://osvdb.org/94810

Copyright 2021, cxsecurity.com
