Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
BID:26364
Info
Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 26364 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5581 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Jul 08 2010 05:17PM |
| Credit: | Joren McReynolds is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Cisco Unified MeetingPlace Web Conference 5.3.447 Cisco Unified MeetingPlace Web Conference 6.0.170.0 Cisco Unified MeetingPlace Web Conference 5.4.70.0 Cisco Unified MeetingPlace Web Conference 5.3.447.4 Cisco Unified MeetingPlace Web Conference 5.3.333.0 Cisco Unified MeetingPlace Web Conference 5.3.104.3 Cisco Unified MeetingPlace Web Conference 5.3.104.0 Cisco Unified MeetingPlace Web Conference 4.3.0.246.5 Cisco Unified MeetingPlace Web Conference 4.3.0.246 |
| Not Vulnerable: |
Cisco Unified MeetingPlace Web Conference 6.0.244 .1A Cisco Unified MeetingPlace Web Conference 5.4.156 .2E Cisco Unified MeetingPlace Web Conference 6.0.639.10 |
Discussion
Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
Cisco Unified MeetingPlace Web Conference is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions.
Cisco Unified MeetingPlace Web Conference is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions.
Exploit / POC
Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
Solution:
The vendor released hotfixes to address these issues. Please see the references for more information.
Solution:
The vendor released hotfixes to address these issues. Please see the references for more information.
References
Cisco Unified MeetingPlace Web Conference Login Multiple Cross Site Scripting Vulnerabilities
References:
References: