Podatność CVE-2007-1467


Publikacja: 2007-03-16   Modyfikacja: 2012-02-12

Opis:
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
XSS vulnerability in the online help system of several Cisco products
cassio and Erwin...
21.03.2007

Typ:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
3.5/10
2.9/10
6.8/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak
Affected software
Cisco -> Call manager 
Cisco -> Acs solution engine 
Cisco -> Network analysis module 
Cisco -> Ciscoworks 
Cisco -> Wireless control system 
Cisco -> Ip communicator 
Cisco -> Meetingplace 
Cisco -> Security device manager 
Cisco -> Unified meetingplace 
Cisco -> Unified meetingplace express 
Cisco -> Unified personal communicator 
Cisco -> Unified video advantage 
Cisco -> Unified videoconferencing 
Cisco -> Unified videoconferencing manager 
Cisco -> Vpn client 
Cisco -> Wan manager 
Cisco -> Wireless lan controllers 
Cisco -> Wireless lan solution engine 

 Referencje:
http://securityreason.com/securityalert/2437
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html
http://www.securityfocus.com/archive/1/462932/100/0/threaded
http://www.securityfocus.com/archive/1/462944/100/0/threaded
http://www.securityfocus.com/bid/22982
http://www.securitytracker.com/id?1017778
http://www.vupen.com/english/advisories/2007/0973
https://exchange.xforce.ibmcloud.com/vulnerabilities/33024

Copyright 2024, cxsecurity.com

 

Back to Top