The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert CVE-2011-4058 CVE-2011-4059

OmniTouch Instant Communication Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Vulnerable systems: OmniTouch 8400 Instant Communications Suite, OmniTouch 8600 My Instant Communicator.
Severity of this threat: 2/4.
Consequences of an attack: client access/rights.
Pirate's origin: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 24/10/2011.
Références of this weakness: 2011003, BID-50346, CERTA-2011-AVI-594, CVE-2011-4058, CVE-2011-4059, TC-SA-2011-01, VIGILANCE-VUL-11096.

Description of the vulnerability

The OmniTouch Instant Communication Suite product is impacted by several vulnerabilities.

An attacker can create a Cross Site Scripting in the WebAdmin administration interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Reflected Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Stored Cross Site Scripting in the Web softphone interface. [severity:2/4; CERTA-2011-AVI-594, CVE-2011-4058]

An attacker can create a Cross Site Request Forgery in the Web softphone interface. [severity:2/4; CVE-2011-4059]

An attacker can therefore generate several Cross Site Scripting and Cross Site Request Forgery in OmniTouch Instant Communication Suite.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.