CVE-2013-4653

Published: Aug 20, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

Affected (4)

Products: Alcatel Lucent: Omnitouch 8400 Instant Communications Suite, Omnitouch 8460 Advanced Communication Server, Omnitouch 8660 My Teamwork, Omnitouch 8670 Automated Delivery Message Delivery System

Alcatel Lucent

4 products

Omnitouch 8400 Instant Communications Suite

Omnitouch 8460 Advanced Communication Server

Omnitouch 8660 My Teamwork

Omnitouch 8670 Automated Delivery Message Delivery System

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Alcatel Lucent Omnitouch 8400 Instant Communications Suite	Up to 6.7.2
Alcatel Lucent Omnitouch 8460 Advanced Communication Server	Up to 9.0
Alcatel Lucent Omnitouch 8660 My Teamwork	Up to 6.6
Alcatel Lucent Omnitouch 8670 Automated Delivery Message Delivery System	Up to 6.6