Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alcatel-Lucent | Omnitouch 8400 Instant Communications Suite | <= 6.7.2 |
| Alcatel-Lucent | Omnitouch 8460 Advanced Communication Server | <= 9.0 |
| Alcatel-Lucent | Omnitouch 8660 My Teamwork | <= 6.6 |
| Alcatel-Lucent | Omnitouch 8670 Automated Delivery Message Delivery System | <= 6.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/94810
- http://osvdb.org/94811
- http://secunia.com/advisories/54000 (Vendor Advisory)
- http://www.securityfocus.com/bid/60902
- http://www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporat (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85382
FAQ
What is CVE-2013-4653?
CVE-2013-4653 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message ...
How severe is CVE-2013-4653?
CVE-2013-4653 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4653?
Check the references section above for vendor advisories and patch information. Affected products include: Alcatel-Lucent Omnitouch 8400 Instant Communications Suite, Alcatel-Lucent Omnitouch 8460 Advanced Communication Server, Alcatel-Lucent Omnitouch 8660 My Teamwork, Alcatel-Lucent Omnitouch 8670 Automated Delivery Message Delivery System.