Description
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
Affected products
- Cisco / unified_meetingplace5.4
- Cisco / unified_meetingplace4.3.0.246 – 4.3.0.246
- Cisco / unified_meetingplace4.3.0.246.5 – 4.3.0.246.5
- Cisco / unified_meetingplace5 – 5
- Cisco / unified_meetingplace5.0 – 5.0
- Cisco / unified_meetingplace5.2 – 5.2
- Cisco / unified_meetingplace5.3 – 5.3
- Cisco / unified_meetingplace6.0 – 6.0
References
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml
- VENDOR_ADVISORYhttp://secunia.com/advisories/26462
- MISChttp://securitytracker.com/id?1018904
- MISChttp://www.securityfocus.com/bid/26364
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/38298
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3772
Updated 40m ago · 2 sources