IBM Lotus Sametime Connect Client Mouseover XSS
Medium Nessus Plugin ID 70072
SynopsisThe remote Windows host has a chat client installed that is affected by a cross-site scripting vulnerability.
DescriptionThe version of IBM Lotus Sametime Connect installed on the remote Windows host is 7.5 or 7.5.1. Such versions are potentially affected by a cross-site scripting vulnerability. By tricking a user into moving the mouse cursor over specially crafted content, an attacker could execute arbitrary script code on the remote host subject to the privileges of the user running the affected application.
SolutionUpgrade to Lotus Sametime Connect Client 7.5.1 CF1 or later.