Summary
The host is running IBM Lotus Sametime Server and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
The vendor has released a patch to fix this issue; refer to the link below for patch information.
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21496276
Insight
Input passed to the 'authReasonCode' parameter in 'stcenter.nsf', when 'OpenDatabase' is set, is not properly sanitised before being returned to the user.
Affected
IBM Lotus Sametime versions 8.0 and 8.0.1
References
Severity
Classification
CVE: CVE-2011-1106
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N