Cross-Site Scripting Issue in IBM Lotus Sametime Server
CVE-2007-4142

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Sametime
Vendor: CVE Published:; 3 August 2007

Summary

The IBM Lotus Sametime Server version 7.5.1 prior to July 31, 2007, is vulnerable to a cross-site scripting (XSS) issue. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors related to crafted Sametime meetings. Exploiting this vulnerability could enable attackers to execute malicious scripts in the context of the users' browser, potentially leading to session hijacking or unauthorized actions on behalf of the user.

References

http://secunia.com/advisories/26302

third-party-advisoryx_refsource_SECUNIA

http://www-1.ibm.com/support/docview.wss?uid=swg21266789

x_refsource_CONFIRM

http://www.securitytracker.com/id?1018502

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 3, 2007
Vulnerability Reserved
Aug 3, 2007