漏洞标题
N/A
漏洞描述信息
在ALCetel-Lucent的AmiSphere 8660 MyTeamwork服务中,6.7以前的 OmniTouch 8660 My Teamwork、6.7以前的 OmniTouch 8670 Automated Message Delivery System (AMDS)、9.1以前的 OmniTouch 8460 Advanced Communication Server 和 6.7以前的 OmniTouch 8400 Instant Communications Suite存在多个跨站点脚本(XSS)漏洞。(1)通过精心构造的URL,允许远程攻击者 inject任意的Web脚本或HTML,从而导致反射XSS。(2)允许用户协助的远程攻击者通过用户的个人书签项,通过未指定 vector 存储XSS。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Alcatel-Lucent OmniTouch产品跨站脚本漏洞
漏洞描述信息
Alcatel-Lucent OmniTouch是法国阿尔卡特-朗讯(Alcatel-Lucent)公司的一套统一通信解决方案。该解决方案支持智能电话、无线网络技术等。 Alcatel-Lucent Omnitouch 8660 My Teamwork 6.7之前版本,Omnitouch 8670 Automated Message Delivery System (AMDS) 6.7之前版本,Omnitouch 8460 Advanced Communication Server 9.1之前版本,Omn
CVSS信息
N/A
漏洞类别
跨站脚本