Lucene search

[email protected]CVE-2013-4653

HistoryAug 20, 2013 - 12:48 a.m.

CVE-2013-4653

2013-08-2000:48:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4653

cross-site scripting

xss

alcatel-lucent

myteamwork

security vulnerability

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user’s personal bookmark entry that results in a stored XSS via unspecified vectors.

Affected configurations

NVD

Node

alcatel-lucentomnitouch_8400_instant_communications_suiteRange≤6.7.2

alcatel-lucentomnitouch_8460_advanced_communication_serverRange≤9.0

alcatel-lucentomnitouch_8660_my_teamworkRange≤6.6

alcatel-lucentomnitouch_8670_automated_delivery_message_delivery_systemRange≤6.6

CPENameOperatorVersion
alcatel-lucent:omnitouch_8400_instant_communications_suitealcatel-lucent omnitouch 8400 instant communications suitele6.7.2
alcatel-lucent:omnitouch_8460_advanced_communication_serveralcatel-lucent omnitouch 8460 advanced communication serverle9.0
alcatel-lucent:omnitouch_8660_my_teamworkalcatel-lucent omnitouch 8660 my teamworkle6.6
alcatel-lucent:omnitouch_8670_automated_delivery_message_delivery_systemalcatel-lucent omnitouch 8670 automated delivery message delivery systemle6.6

CPE	Name	Operator	Version
alcatel-lucent:omnitouch_8400_instant_communications_suite	alcatel-lucent omnitouch 8400 instant communications suite	le	6.7.2
alcatel-lucent:omnitouch_8460_advanced_communication_server	alcatel-lucent omnitouch 8460 advanced communication server	le	9.0
alcatel-lucent:omnitouch_8660_my_teamwork	alcatel-lucent omnitouch 8660 my teamwork	le	6.6
alcatel-lucent:omnitouch_8670_automated_delivery_message_delivery_system	alcatel-lucent omnitouch 8670 automated delivery message delivery system	le	6.6

References

osvdb.org/94810

osvdb.org/94811

secunia.com/advisories/54000

www.securityfocus.com/bid/60902

www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2013001.htm

exchange.xforce.ibmcloud.com/vulnerabilities/85382

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for CVE-2013-4653

cvelist1 nvd1 prion1