Cross-site Scripting Vulnerability in IBM Sametime Classic Meeting Server
CVE-2014-4748

Currently unrated

Key Information:

Vendor: IBM
Status: Sametime
Vendor: CVE Published:; 26 July 2014

Summary

The Classic Meeting Server component in IBM Sametime versions 8.x through 8.5.2.1 is susceptible to a Cross-site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specially crafted URLs, enabling potential unauthorized actions or information theft. It highlights the importance of securing web applications from injection attacks to protect users and sensitive data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21679221

x_refsource_CONFIRM

http://packetstormsecurity.com/files/127831/IBM-Sametime-...

x_refsource_MISC

http://secunia.com/advisories/60202

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 26, 2014
Vulnerability Reserved
Jul 9, 2014