IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	25167
Class:	Input Validation Error
CVE:	CVE-2007-4142
Remote:	Yes
Local:	No
Published:	Aug 01 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	The vendor disclosed this issue.
Vulnerable:	IBM Lotus Sametime 7.5.1
Not Vulnerable:

IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability

IBM Lotus Sametime Server is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sametime Server 7.5.1; prior versions may also be affected.

IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability

An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.

IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor released updates to address this issue. Contact the vendor for information on obtaining and applying fixes.

Please see the references for more information.

IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability

References:

• IBM Lotus Sametime Product Page (IBM)
  
• Potential Cross Site Scripting (XSS) vulnerability in IBM Lotus Sametime Server (IBM)