Summary
The host is running IBM Lotus Sametime Server and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
The vendor has released a patch to fix this issue; refer to the link below for patch information.
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21496276
Insight
Input passed to the 'authReasonCode' parameter in 'stcenter.nsf', when 'OpenDatabase' is set, is not properly sanitised before being returned to the user.
Affected
IBM Lotus Sametime versions 8.0 and 8.0.1
References
Severity
Classification
CVE: CVE-2011-1106
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N