Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4653

Опубликовано: 20 авг. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alcatel-lucent:omnitouch_8400_instant_communications_suite:*:*:*:*:*:*:*:*
Версия до 6.7.2 (включая)
cpe:2.3:a:alcatel-lucent:omnitouch_8460_advanced_communication_server:*:*:*:*:*:*:*:*
Версия до 9.0 (включая)
cpe:2.3:a:alcatel-lucent:omnitouch_8660_my_teamwork:*:*:*:*:*:*:*:*
Версия до 6.6 (включая)
cpe:2.3:a:alcatel-lucent:omnitouch_8670_automated_delivery_message_delivery_system:*:*:*:*:*:*:*:*
Версия до 6.6 (включая)

EPSS

Процентиль: 66%
0.00516
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-vhc7-3xc2-j55w

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

EPSS

Процентиль: 66%
0.00516
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79