CVE-2013-6743

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.5.2 through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description A cross-site scripting (XSS) issue exists in the Meeting Server component, allowing remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.

Recommendations For IBM Sametime versions 8.5.2 through 8.5.2.1, update to a version outside of this range to resolve the issue. For IBM Sametime versions 9.x through 9.0.0.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Meeting Server component until a patch is available.