vulnerability alert CVE-2011-4058 CVE-2011-4059

OmniTouch Instant Communication Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Impacted products: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator.
Severity: 2/4.
Creation date: 24/10/2011.
Identifiers: 2011003, BID-50346, CERTA-2011-AVI-594, CVE-2011-4058, CVE-2011-4059, TC-SA-2011-01, VIGILANCE-VUL-11096.

Description of the vulnerability

The OmniTouch Instant Communication Suite product is impacted by several vulnerabilities.

An attacker can create a Cross Site Scripting in the WebAdmin administration interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Reflected Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Stored Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Cross Site Request Forgery in the Web softphone interface. [severity:2/4; CVE-2011-4059]

An attacker can therefore generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.