Vigil@nce: OmniTouch Instant Communication Suite, Cross Site Scripting
November 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several Cross Site Scripting and Cross
Site Request Forgery vulnerabilities in OmniTouch Instant
Communication Suite.
– Severity: 2/4
– Creation date: 24/10/2011
IMPACTED PRODUCTS
– Alcatel-Lucent OmniTouch 8400 Instant Communications Suite
– Alcatel-Lucent OmniTouch 8600 My Instant Communicator
DESCRIPTION OF THE VULNERABILITY
The OmniTouch Instant Communication Suite product is impacted by
several vulnerabilities.
An attacker can trigger a Cross Site Scripting vulnerability in the
WebAdmin administration interface. [severity:2/4; CVE-2011-4058]
An attacker can trigger a Reflected Cross Site Scripting
vulnerability in the Web softphone interface. [severity:2/4; CVE-2011-4058]
An attacker can trigger a Stored Cross Site Scripting vulnerability
in the Web softphone interface. [severity:2/4; CVE-2011-4058]
An attacker can trigger a Cross Site Request Forgery vulnerability
in the Web softphone interface. [severity:2/4; CVE-2011-4059]
An attacker can therefore exploit several Cross Site Scripting
and Cross Site Request Forgery vulnerabilities in OmniTouch Instant
Communication Suite.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OmniTouch-Instant-Communication-Suite-Cross-Site-Scripting-11096