CVE-2013-4653: XSS
First published: Tue Aug 20 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alcatel-Lucent OmniTouch 8400 Instant Communications Suite | <=6.7.2 | |
| Alcatel-Lucent Omnitouch 8460 Advanced Communication Server | <=9.0 | |
| Alcatel-Lucent Omnitouch 8660 My Teamwork | <=6.6 | |
| Alcatel-Lucent OmniTouch 8670 Automated Delivery Message Delivery System | <=6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/94810
- http://osvdb.org/94811
- http://secunia.com/advisories/54000
- http://www.securityfocus.com/bid/60902
- http://www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2013001.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85382
Frequently Asked Questions
What is the severity of CVE-2013-4653?
CVE-2013-4653 is considered to have a medium severity level due to potential exploitation through cross-site scripting vulnerabilities.
How do I fix CVE-2013-4653?
To fix CVE-2013-4653, upgrade to the patched versions of the affected Alcatel-Lucent Omnitouch products as outlined in the security advisories.
Which versions are affected by CVE-2013-4653?
CVE-2013-4653 affects MyTeamwork services in versions prior to 6.7 of Omnitouch 8660, 8670, and 8460 products.
What are the potential impacts of exploiting CVE-2013-4653?
Exploiting CVE-2013-4653 could allow an attacker to execute arbitrary scripts in the context of the user's browser, leading to information theft or session hijacking.
Are there any specific user actions needed to mitigate CVE-2013-4653?
Users should avoid using outdated versions of the Alcatel-Lucent software and ensure their systems are updated to mitigate CVE-2013-4653.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/alcatel-lucent
- canonical/alcatel-lucent omnitouch 8400 instant communications suite
- version/alcatel-lucent omnitouch 8400 instant communications suite/6.7.2
- canonical/alcatel-lucent omnitouch 8460 advanced communication server
- version/alcatel-lucent omnitouch 8460 advanced communication server/9.0
- canonical/alcatel-lucent omnitouch 8660 my teamwork
- version/alcatel-lucent omnitouch 8660 my teamwork/6.6
- canonical/alcatel-lucent omnitouch 8670 automated delivery message delivery system
- version/alcatel-lucent omnitouch 8670 automated delivery message delivery system/6.6