CVE-2013-4653

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent Omnitouch 8660 My Teamwork versions prior to 6.7 Alcatel-Lucent Omnitouch 8670 Automated Message Delivery System (AMDS) versions prior to 6.7 Alcatel-Lucent Omnitouch 8460 Advanced Communication Server versions prior to 9.1 Alcatel-Lucent OmniTouch 8400 Instant Communications Suite versions prior to 6.7.3

Description The signin functionality of ics in MyTeamwork services contains multiple cross-site scripting (XSS) issues. These issues allow remote attackers to inject arbitrary web script or HTML via a crafted URL, resulting in a reflected XSS, or allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry, resulting in a stored XSS.

Recommendations For Alcatel-Lucent Omnitouch 8660 My Teamwork versions prior to 6.7, update to version 6.7 or later. For Alcatel-Lucent Omnitouch 8670 Automated Message Delivery System (AMDS) versions prior to 6.7, update to version 6.7 or later. For Alcatel-Lucent Omnitouch 8460 Advanced Communication Server versions prior to 9.1, update to version 9.1 or later. For Alcatel-Lucent OmniTouch 8400 Instant Communications Suite versions prior to 6.7.3, update to version 6.7.3 or later.