PT-2013-5117 · Alcatel Lucent · Omnitouch 8460 Advanced Communication Server+3
Published: 2013-08-20 · Updated: 2017-08-29 · CVE-2013-4653
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Alcatel-Lucent Omnitouch 8660 My Teamwork versions prior to 6.7
Alcatel-Lucent Omnitouch 8670 Automated Message Delivery System (AMDS) versions prior to 6.7
Alcatel-Lucent Omnitouch 8460 Advanced Communication Server versions prior to 9.1
Alcatel-Lucent OmniTouch 8400 Instant Communications Suite versions prior to 6.7.3
Description
The signin functionality of ics in MyTeamwork services contains multiple cross-site scripting (XSS) issues. Remote attackers can inject arbitrary web script or HTML via a crafted URL, resulting in a reflected XSS. User-assisted remote attackers can inject arbitrary web script or HTML via a user's personal bookmark entry, resulting in a stored XSS.
Recommendations
For Alcatel-Lucent Omnitouch 8660 My Teamwork versions prior to 6.7, update to version 6.7 or later.
For Alcatel-Lucent Omnitouch 8670 Automated Message Delivery System (AMDS) versions prior to 6.7, update to version 6.7 or later.
For Alcatel-Lucent Omnitouch 8460 Advanced Communication Server versions prior to 9.1, update to version 9.1 or later.
For Alcatel-Lucent OmniTouch 8400 Instant Communications Suite versions prior to 6.7.3, update to version 6.7.3 or later.
Fix
XSS
Affected Products
Omnitouch 8400 Instant Communications Suite
Omnitouch 8460 Advanced Communication Server
Omnitouch 8660 My Teamwork
Omnitouch 8670 Automated Message Delivery System