The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of My Instant Communicator

computer vulnerability alert CVE-2011-4058 CVE-2011-4059

OmniTouch Instant Communication Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Impacted products: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator.
Severity: 2/4.
Creation date: 24/10/2011.
Identifiers: 2011003, BID-50346, CERTA-2011-AVI-594, CVE-2011-4058, CVE-2011-4059, TC-SA-2011-01, VIGILANCE-VUL-11096.

Description of the vulnerability

The OmniTouch Instant Communication Suite product is impacted by several vulnerabilities.

An attacker can create a Cross Site Scripting in the WebAdmin administration interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Reflected Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Stored Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Cross Site Request Forgery in the Web softphone interface. [severity:2/4; CVE-2011-4059]

An attacker can therefore generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about My Instant Communicator: