vendor: IBM Lotus Sametime Server
by: Unknown
CVSS: 7.5 (HIGH)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: IBM Lotus Sametime Server
Affected Version From: IBM Lotus Sametime 8.0.1
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:ibm:lotus_sametime_server:8.0.1
Platforms Tested: Unknown
Unknown
IBM Lotus Sametime Server Cross-Site Scripting Vulnerability
IBM Lotus Sametime Server is affected by a cross-site scripting (XSS) vulnerability caused by insufficient sanitization of user-supplied data. An attacker can exploit it to execute arbitrary script code in the browser of a targeted user within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and the launch of further attacks.
Mitigation:
Apply the latest security patches and updates from IBM to address this vulnerability. Additionally, implement web application firewalls and input validation mechanisms to prevent XSS attacks.