CVE-2013-6743: XSS
First published: Thu Feb 13 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HCL Sametime | =8.5.2.0 | |
| HCL Sametime | =8.5.2.1 | |
| HCL Sametime | =9.0.0.0 | |
| HCL Sametime | =9.0.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6743?
CVE-2013-6743 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-6743?
To remediate CVE-2013-6743, upgrade to IBM Sametime version 9.0.0.2 or later which addresses the vulnerability.
Who is affected by CVE-2013-6743?
CVE-2013-6743 affects remote authenticated users of IBM Sametime versions 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1.
What type of vulnerability is CVE-2013-6743?
CVE-2013-6743 is a cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML.
Can CVE-2013-6743 lead to data compromise?
Yes, exploitation of CVE-2013-6743 could allow an attacker to manipulate user sessions and potentially compromise data.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/hcl sametime
- version/hcl sametime/8.5.2.0
- version/hcl sametime/8.5.2.1
- version/hcl sametime/9.0.0.0
- version/hcl sametime/9.0.0.1