
A Sametime cross site scripting vulnerability posted




From reading the web advisory and then the IBM technote, it seems to affect all versions of Sametime, including 7.5.1, with a hotfix available for all versions. Future updates and fixes will also contain the fix.

Problem: In very specific scenarios, there is a possibility that a Sametime® server could be exploited by a Cross Site Scripting vulnerability.

Solution: In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.

This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.