IBM Lotus Sametime Connect Client Mouseover XSS

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a chat client installed that is affected by
a cross-site scripting vulnerability.

Description :

The version of IBM Lotus Sametime Connect installed on the remote
Windows host is 7.5 or 7.5.1. Such versions are potentially affected by
a cross-site scripting vulnerability. By tricking a user into moving
the mouse cursor over specially crafted content, an attacker could
execute arbitrary script code on the remote host subject to the
privileges of the user running the affected application.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21292938

Solution :

Upgrade to Lotus Sametime Connect Client 7.5.1 CF1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 70072 ()

Bugtraq ID: 27316

CVE ID: CVE-2008-0354