Description
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
Affected products
- Cisco / unified_meetingplace6.0 – 6.0
- Cisco / unified_meetingplace7.0 – 7.0
References
- MISChttp://www.securityfocus.com/bid/33915
- MISChttp://www.securitytracker.com/id?1021778
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/48965
- VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html
- MISChttp://www.securityfocus.com/archive/1/501251/30/0/threaded
Updated 41m ago · 2 sources