Lucene search

[email protected]NVD:CVE-2013-4653

HistoryAug 20, 2013 - 12:48 a.m.

CVE-2013-4653

2013-08-2000:48:09

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user’s personal bookmark entry that results in a stored XSS via unspecified vectors.

Affected configurations

Nvd

Node

alcatel-lucentomnitouch_8400_instant_communications_suiteRange≤6.7.2

alcatel-lucentomnitouch_8460_advanced_communication_serverRange≤9.0

alcatel-lucentomnitouch_8660_my_teamworkRange≤6.6

alcatel-lucentomnitouch_8670_automated_delivery_message_delivery_systemRange≤6.6

VendorProductVersionCPE
alcatel-lucentomnitouch_8400_instant_communications_suite*cpe:2.3:a:alcatel-lucent:omnitouch_8400_instant_communications_suite:*:*:*:*:*:*:*:*
alcatel-lucentomnitouch_8460_advanced_communication_server*cpe:2.3:a:alcatel-lucent:omnitouch_8460_advanced_communication_server:*:*:*:*:*:*:*:*
alcatel-lucentomnitouch_8660_my_teamwork*cpe:2.3:a:alcatel-lucent:omnitouch_8660_my_teamwork:*:*:*:*:*:*:*:*
alcatel-lucentomnitouch_8670_automated_delivery_message_delivery_system*cpe:2.3:a:alcatel-lucent:omnitouch_8670_automated_delivery_message_delivery_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alcatel-lucent	omnitouch_8400_instant_communications_suite	*	cpe:2.3:a:alcatel-lucent:omnitouch_8400_instant_communications_suite::::::::
alcatel-lucent	omnitouch_8460_advanced_communication_server	*	cpe:2.3:a:alcatel-lucent:omnitouch_8460_advanced_communication_server::::::::
alcatel-lucent	omnitouch_8660_my_teamwork	*	cpe:2.3:a:alcatel-lucent:omnitouch_8660_my_teamwork::::::::
alcatel-lucent	omnitouch_8670_automated_delivery_message_delivery_system	*	cpe:2.3:a:alcatel-lucent:omnitouch_8670_automated_delivery_message_delivery_system::::::::

References

osvdb.org/94810

osvdb.org/94811

secunia.com/advisories/54000

www.securityfocus.com/bid/60902

www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2013001.htm

exchange.xforce.ibmcloud.com/vulnerabilities/85382

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Related for NVD:CVE-2013-4653

cve1 cvelist1 prion1