The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of My Instant Communicator

vulnerability CVE-2013-4653

Alcatel-Lucent OmniTouch My Teamwork: Cross Site Scripting of the URL /ics?action=signin

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting with the URL /ics?action=signin of Alcatel-Lucent OmniTouch My Teamwork, in order to execute JavaScript code in the context of the web site.
Impacted products: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator, OmniTouch Unified Communications My Teamwork.
Severity: 2/4.
Creation date: 01/07/2013.
Identifiers: BID-60902, CERTA-2013-AVI-389, CVE-2013-4653, VIGILANCE-VUL-13020.

Description of the vulnerability

OmniTouch 8400 Instant Communications Suite includes a Web interface with an authentication form.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in URL /ics?action=signin of Alcatel-Lucent OmniTouch My Teamwork, in order to execute JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2011-4058 CVE-2011-4059

OmniTouch Instant Communication Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Impacted products: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator.
Severity: 2/4.
Creation date: 24/10/2011.
Identifiers: 2011003, BID-50346, CERTA-2011-AVI-594, CVE-2011-4058, CVE-2011-4059, TC-SA-2011-01, VIGILANCE-VUL-11096.

Description of the vulnerability

The OmniTouch Instant Communication Suite product is impacted by several vulnerabilities.

An attacker can create a Cross Site Scripting in the WebAdmin administration interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Reflected Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Stored Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Cross Site Request Forgery in the Web softphone interface. [severity:2/4; CVE-2011-4059]

An attacker can therefore generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.