The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OmniTouch Unified Communications My Teamwork

vulnerability CVE-2013-4653

Alcatel-Lucent OmniTouch My Teamwork: Cross Site Scripting of the URL /ics?action=signin

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting with the URL /ics?action=signin of Alcatel-Lucent OmniTouch My Teamwork, in order to execute JavaScript code in the context of the web site.
Impacted products: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator, OmniTouch Unified Communications My Teamwork.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 01/07/2013.
Identifiers: BID-60902, CERTA-2013-AVI-389, CVE-2013-4653, VIGILANCE-VUL-13020.

Description of the vulnerability

OmniTouch 8400 Instant Communications Suite includes a Web interface with an authentication form.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in URL /ics?action=signin of Alcatel-Lucent OmniTouch My Teamwork, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.