Vulnerability CVE-2007-1467


Published: 2007-03-16   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

See advisories in our WLB2 database:
Topic: [Low] XSS vulnerability in the online help system of several Cisco products
Author: cassio and Erwin...
Date: 21.03.2007

Type: CWE-Other

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Cisco -> Call manager 
Cisco -> Acs solution engine 
Cisco -> Network analysis module 
Cisco -> Ciscoworks 
Cisco -> Wireless control system 
Cisco -> Ip communicator 
Cisco -> Meetingplace 
Cisco -> Security device manager 
Cisco -> Unified meetingplace 
Cisco -> Unified meetingplace express 
Cisco -> Unified personal communicator 
Cisco -> Unified video advantage 
Cisco -> Unified videoconferencing 
Cisco -> Unified videoconferencing manager 
Cisco -> Vpn client 
Cisco -> Wan manager 
Cisco -> Wireless lan controllers 
Cisco -> Wireless lan solution engine 

 References:
http://securityreason.com/securityalert/2437
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html
http://www.securityfocus.com/archive/1/462932/100/0/threaded
http://www.securityfocus.com/archive/1/462944/100/0/threaded
http://www.securityfocus.com/bid/22982
http://www.securitytracker.com/id?1017778
http://www.vupen.com/english/advisories/2007/0973
https://exchange.xforce.ibmcloud.com/vulnerabilities/33024

Copyright 2024, cxsecurity.com

 
